makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-23 10:28:55 +00:00
Code Issues Projects Releases Packages Wiki Activity

*** empty log message ***

Browse source 
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@5142 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen 2005-05-06 20:50:13 +00:00
parent aa895baa17
commit bdec7f1e2c
27 changed files with 170 additions and 56 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
phpBB/admin/admin_smilies.php
View file

@ -447,6 +447,9 @@ else if ( $mode != "" )
$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code'];
$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url'];
$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion'];
$smile_code = trim($smile_code);
$smile_url = trim($smile_url);
$smile_emotion = trim($smile_emotion);
// If no code was entered complain ...
if ($smile_code == '' || $smile_url == '')

42
phpBB/admin/admin_ug_auth.php
View file

@ -508,6 +508,48 @@ if ( isset($HTTP_POST_VARS['submit']) && ( ( $mode == 'user' && $user_id ) || (
}
}
$sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "
WHERE group_id = $group_id";
$result = $db->sql_query($sql);
$group_user = array();
while ($row = $db->sql_fetchrow($result))
{
$group_user[$row['user_id']] = $row['user_id'];
}
$db->sql_freeresult($result);
$sql = "SELECT ug.user_id, COUNT(auth_mod) AS is_auth_mod
FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug
WHERE ug.user_id IN (" . implode(', ', $group_user) . ")
AND aa.group_id = ug.group_id
AND aa.auth_mod = 1
GROUP BY ug.user_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql);
}
while ($row = $db->sql_fetchrow($result))
{
if ($row['is_auth_mod'])
{
unset($group_user[$row['user_id']]);
}
}
$db->sql_freeresult($result);
if (sizeof($group_user))
{
$sql = "UPDATE " . USERS_TABLE . "
SET user_level = " . USER . "
WHERE user_id IN (" . implode(', ', $group_user) . ")";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
}
}
message_die(GENERAL_MESSAGE, $message);
}
}

5
phpBB/admin/pagestart.php
View file

@ -59,6 +59,11 @@ if ($HTTP_GET_VARS['sid'] != $userdata['session_id'])
redirect("index.$phpEx?sid=" . $userdata['session_id']);
}
if (!$userdata['session_admin'])
{
redirect(append_sid("login.$phpEx?redirect=admin/&admin=1", true));
}
if (empty($no_page_header))
{
// Not including the pageheader can be neccesarry if META tags are

1
phpBB/db/postgres7.php
View file

@ -123,7 +123,6 @@ class sql_db
$this->num_queries++;
$query = preg_replace("/LIMIT ([0-9]+),([ 0-9]+)/", "LIMIT \\2 OFFSET \\1", $query);
$query = preg_replace('#(.*WHERE.*)(username|user_email|ban_email) = \'(.*)\'#ise', "\"\\1LOWER(\\2) = '\" . strtolower('\\3') . \"'\"", $query);
if( $transaction == BEGIN_TRANSACTION && !$this->in_transaction )
{

14
phpBB/docs/INSTALL.html
View file

@ -3,7 +3,7 @@
<head>
<meta http-equiv="Content-Type" content="text/html">
<meta http-equiv="Content-Style-Type" content="text/css">
<title>phpBB 2.0.14 :: Install</title>
<title>phpBB 2.0.15 :: Install</title>
<link rel="stylesheet" href="../templates/subSilver/subSilver.css" type="text/css">
<style type="text/css">
<!--
@ -24,7 +24,7 @@ p,ul,td {font-size:10pt;}
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><img src="../templates/subSilver/images/logo_phpBB.gif" border="0" alt="phpBB 2 : Creating Communities" vspace="1" /></a></td>
<td align="center" width="100%" valign="middle"><span class="maintitle">phpBB 2.0.14 INSTALL</span></td>
<td align="center" width="100%" valign="middle"><span class="maintitle">phpBB 2.0.15 INSTALL</span></td>
</tr>
</table>
@ -33,7 +33,7 @@ p,ul,td {font-size:10pt;}
<p>Please note these instructions are not fully comprehensive, a more thorough userguide will be available on the phpBB website in the near future. However, this document will walk you through the basics on installing the forum software.</p>
<p>A basic overview of running phpBB 2.0.14 can be found in the accompanying <a href="README.html">README</a> documentation. Please ensure you read that document in addition to this! For more detailed information on using phpBB 2 you should read <a href="http://www.phpbb.com/support/guide/" target="_new">Userguide</a> now available online.</p>
<p>A basic overview of running phpBB 2.0.15 can be found in the accompanying <a href="README.html">README</a> documentation. Please ensure you read that document in addition to this! For more detailed information on using phpBB 2 you should read <a href="http://www.phpbb.com/support/guide/" target="_new">Userguide</a> now available online.</p>
<ol>
<li><a href="#quickinstall">Quick Install</a></li>
@ -88,7 +88,7 @@ p,ul,td {font-size:10pt;}
<a name="require"></a><h2 class="h2"><u>2. Requirements</u></h2>
<p>Installation of phpBB 2.0.14 requires the following:</p>
<p>Installation of phpBB2 requires the following:</p>
<ul>
<li>A webserver or web hosting account running on any major Operating System</li>
<li>A SQL database system, <b>one of</b>:
@ -186,13 +186,15 @@ p,ul,td {font-size:10pt;}
<p><b>MySQL Users Please Note</b>: Changes introduced in 2.0.4 may increase the size of your database, more specifically the search_wordmatch table. There are other changes in that release which are designed to reduce the database size. However these additional changes may not apply to all types of forum (particularly non-English boards). While any increases will be relatively small compared to the overall database size it may be an issue for some users. In particular users on hosting plans which limit database size and where the database is near that limit.</p>
<p><b>Please make sure you update your phpBB2 source files too, even if you run the update_to_latest.php file.</b></p>
<a name="#upgradeSTABLE_full"></a><h3 class="h3">7.i. Full package</h3>
<p>If you have downloaded the full package you should follow the same general upgrade path as for "<a href="#upgradeRC">Upgrade from previous Release Candidate versions of phpBB 2</a>". The exception to this being the need to switch or update styles. In addition there is generally little need to visit the admin panel (though it is adviseable).</p>
<a name="#upgradeSTABLE_files"></a><h3 class="h3">7.ii. Changed files only</h3>
<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have 2.0.13 you should select the phpBB-2.0.13_to_2.0.14.zip/tar.gz file.</p>
<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have 2.0.14 you should select the phpBB-2.0.14_to_2.0.15.zip/tar.gz file.</p>
<p>The directory structure has been preserved enabling you (if you wish) to simply upload the contents of the archive to the appropriate location on your server, i.e. simply overwrite the existing files with the new versions. Do not forget that if you have installed any Mods these files will overwrite the originals possibly destroying them in the process. You will need to re-add Mods to any affected file before uploading.</p>
@ -202,7 +204,7 @@ p,ul,td {font-size:10pt;}
<p>The patch file is probably the best solution for those with many Mods or other changes who do not want to re-add them back to all the changed files. To use this you will need command line access to a standard UNIX type <b>patch</b> application.</p>
<p>A number of patch files are provided to allow you to upgrade from previous stable releases. Select the correct patch, e.g. if your current version is 2.0.13 you need the phpBB-2.0.13_to_2.0.14.patch. Place the correct patch in the parent directory containing the phpBB 2 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <b>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</b> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB2, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
<p>A number of patch files are provided to allow you to upgrade from previous stable releases. Select the correct patch, e.g. if your current version is 2.0.14 you need the phpBB-2.0.14_to_2.0.15.patch. Place the correct patch in the parent directory containing the phpBB 2 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <b>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</b> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB2, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
<p>If you do get failures you should look at using the <a href="#upgradeSTABLE_files">Changed files only</a> package to replace the files which failed to patch, please note that you will need to manually re-add any Mods to these particular files. Alternatively if you know how you can examine the .rej files to determine what failed where and make manual adjustments to the relevant source.</p>

30
phpBB/docs/README.html
View file

@ -3,7 +3,7 @@
<head>
<meta http-equiv="Content-Type" content="text/html">
<meta http-equiv="Content-Style-Type" content="text/css">
<title>phpBB 2.0.14 :: Readme</title>
<title>phpBB 2.0.15 :: Readme</title>
<link rel="stylesheet" href="../templates/subSilver/subSilver.css" type="text/css" />
<style type="text/css">
<!--
@ -24,7 +24,7 @@ p,ul,td {font-size:10pt;}
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><img src="../templates/subSilver/images/logo_phpBB.gif" border="0" alt="phpBB 2 : Creating Communities" vspace="1" /></a></td>
<td align="center" width="100%" valign="middle"><span class="maintitle">phpBB 2.0.14 README</span></td>
<td align="center" width="100%" valign="middle"><span class="maintitle">phpBB 2.0.15 README</span></td>
</tr>
</table>
@ -116,7 +116,7 @@ p,ul,td {font-size:10pt;}
<p>A comprehensive userguide is now available online and can be accessed from the following location:</p>
<p><a href="http://www.phpbb.com/support/guide/" target="_new">http://www.phpbb.com/guide/phpBB_Users_Guide.html</a></p>
<p><a href="http://www.phpbb.com/support/guide/" target="_new">http://www.phpbb.com/support/guide/</a></p>
<p>This covers everything from installation through setting permissions and managing users.</p>
@ -130,23 +130,19 @@ p,ul,td {font-size:10pt;}
<a name="irc"></a><h3 class="h3">3.iii Internet Relay Chat</h3>
<p>Another place you may find help is our IRC channel. This operates on the Openprojects IRC network, <b>irc.openprojects.net</b> and the channel is <b>#phpbb</b> and can be accessed by any good IRC client such as mIRC, XChat, etc. Again, please do not abuse this service and be respectful of other users.</p>
<p>Another place you may find help is our IRC channel. This operates on the Freenode IRC network, <b>irc.freenode.net</b> and the channel is <b>#phpbb</b> and can be accessed by any good IRC client such as mIRC, XChat, etc. Again, please do not abuse this service and be respectful of other users.</p>
<a name="status"></a><h2 class="h2"><u>4. Status of this version</u></h2>
<p>This is the second stable release of phpBB 2. The 2.0.x line is essentially feature frozen, point releases will see only bugs and such like fixed. Our next major release will be phpBB 2.2 and work is progressing on this (the unstable development version is 2.1). Please do not post questions asking when 2.2 will be available, no release date has been set. Feel free to suggest new features for phpBB 2.2, we already have a number of improvements in mind and these can be viewed using our task tracker:</p>
<p>This is the second stable release of phpBB 2. The 2.0.x line is essentially feature frozen, point releases will see only bugs and such like fixed. Our next major release will be phpBB 3.0 and work is progressing on this (the unstable development version is 2.1). Please do not post questions asking when 3.0 will be available, no release date has been set. phpBB 3.0 is now feature frozen, please feel free to suggest new features for phpBB 3.2 using our feature request tracker. We do not guarantee that all these will appear in 3.2 but we will do our best!:</p>
<p><a href="http://sourceforge.net/pm/task.php?group_project_id=13524&group_id=7885&func=browse" target="_new">http://sourceforge.net/pm/task.php?group_project_id=13524&group_id=7885</a></p>
<p>We do not guarantee that all these will appear in 2.2 but we will do our best! If your idea does not appear on this list please visit our feature request list:</p>
<p><a href="http://sourceforge.net/tracker/?atid=357885&group_id=7885&func=browse" target="_new">http://sourceforge.net/tracker/?atid=357885&group_id=7885</a></p>
<p><a href="http://sourceforge.net/tracker/?atid=580201&group_id=7885&func=browse" target="_new">http://sourceforge.net/tracker/?atid=580201&group_id=7885&func=browse</a></p>
<p>Before submitting your idea please <b>ensure</b> you have read through the entries in that list. If your idea is similar to an existing one please feel free to add a comment to it. Please <b>do not</b> submit duplicate suggestions!</p>
<p>For some suggestions we may ask for your feedback via our forums. For those interested in the development of phpBB 2.2 you should keep an eye on the community forums (particularly the Feature Discussion forum) where you may be able to influence the direction we take with certain new features. Finally you may like to visit our development forum to see how things are progressing:</p>
<p>For some suggestions we may ask for your feedback via our forums. For those interested in the development of phpBB 3.0 you should keep an eye on the community forums (particularly the Feature Discussion forum) where you may be able to influence the direction we take with certain new features. Finally you may like to visit our development forum to see how things are progressing:</p>
<p><a href="http://area51.phpbb.com/phpBB2/" target="_new">http://area51.phpbb.com/phpBB2/</a></p>
<p><a href="http://area51.phpbb.com/phpBB/" target="_new">http://area51.phpbb.com/phpBB/</a></p>
<p>Please note that this forum should <b>NOT</b> be used to obtain support for or ask questions about phpBB 2.0.x, the main community forums are the place for this. Any such posts will be locked and go unanswered.</p>
@ -177,9 +173,9 @@ p,ul,td {font-size:10pt;}
<a name="securitybugs"></a><h3 class="h3">5.i. Security related bugs</h3>
<p>If you find a potential security related vulnerability in phpBB 2 please <b>DO NOT</b> post it to the bug tracker, public forums, mailing lists, etc.! Doing so may allow unscrupulous users to take advantage of it before we have time to put a fix in place. All security related bugs should be sent directly to one or more of the developers.</p>
<p>If you find a potential security related vulnerability in phpBB 2 please <b>DO NOT</b> post it to the bug tracker, public forums, mailing lists, etc.! Doing so may allow unscrupulous users to take advantage of it before we have time to put a fix in place. All security related bugs should be sent to our security tracker:</p>
<p>This can be done in one of three ways; email <a href="mailto:security&#64;phpbb.com">security&#64;phpbb.com</a> this is forwarded to all developers, PM one of the developers (see Developer usergroup list for usernames of all developers) or email them directly (either use their listed email address if available or username&#64;phpbb.com where username is their board username). If emailing or PM'ing developers individually please send the message to several and not just one. If you obtain no response in a reasonable timeframe (a day or two) try the other listed developers.</p>
<p><a href="http://www.phpbb.com/security/" target="_new">http://www.phpbb.com/security/</a></p>
<a name="curbugs"></a><h2 class="h2"><u>6. Overview of current bug list</u></h2>
@ -191,16 +187,18 @@ p,ul,td {font-size:10pt;}
<li>By default cannot post very large messages with MSSQL (this can be configured within MSSQL)</li>
<li>Use of non-latin charsets with MSSQL may result in post data being cropped unexpectedly</li>
<li>Upgrade may fail to complete on large boards under some hosts</li>
<li>PHP 3 compatibility issues remain and we recommend you upgrade to PHP4 as soon as possible ( phpBB 2.0.x will be the last version to support PHP 3 and with the latest releases the minimum requirement is PHP 4.0.3 or above due to security implications )
<li>Case-sensitivity on usernames and emails with PostgreSQL 7.x. A fix is provided by a user <a href="http://www.phpbb.com/kb/article.php?article_id=201" target="_new">within our knowledge base</a></li>
</ul>
<a name="php"></a><h2 class="h2"><u>7. PHP compatibility issues</u></h2>
<p>phpBB is no longer supported on PHP3 due to several compatibility issues and we recommend that you upgrade to the latest stable release of PHP4 to run phpBB.</p>
<p>Please remember that running any application on a developmental version of PHP can lead to strange/unexpected results which may appear to be bugs in the application (which may not be true). Therefore we recommend you upgrade to the newest stable version of PHP before running phpBB 2. If you are running a developmental version of PHP please check any bugs you find on a system running a stable release before submitting.</p>
<p>This board has been developed and tested under Linux and Windows (amongst others) running IIS and Apache using MySQL 3.23 and 4.0.0, MSSQL Server 2000, MS Access 2000 and XP and PostgreSQL 7.x. Versions of PHP used range from 4.0.6 to 4.3.8 without problem. There may be unconfirmed issues with PHP 4.0.1 including patch level releases. If you experience problems with phpBB and have this PHP version installed it is recommended you upgrade it before posting bug reports.</p>
<p>With the recent release of the official version of PHP 5, people and hosts may be switching to the latest PHP version. At this moment, the phpBB Team does not officially support running phpBB on PHP 5, as phpBB2.0.x was not written with PHP 5 in mind. However, many users have reported using it sucessfully on PHP 5 having made a configuration change in PHP to enable support for the deprecated HTTP_*_VARS arrays which is turned off by default in new PHP 5 installations. The relevant configuration option is register_long_arrays and it is decribed in the PHP Manual. phpBB 2.0.x makes use of these arrays in order to maintain backwards compatibility with PHP 3.x and early versions of PHP 4.x which is part of the original specification.<br />
<p>With the recent release of the official version of PHP 5, people and hosts may be switching to the latest PHP version. At this moment, the phpBB Team does not officially support running phpBB on PHP 5, as phpBB2.0.x was not written with PHP 5 in mind. However, many users have reported using it sucessfully on PHP 5 having made a configuration change in PHP to enable support for the deprecated HTTP_*_VARS arrays which is turned off by default in new PHP 5 installations. The relevant configuration option is register_long_arrays and it is decribed in the PHP Manual. phpBB 2.0.x makes use of these arrays in order to maintain backwards compatibility with early versions of PHP 4.x which is part of the original specification.<br />
For this reason we do not support PHP 5 as platform for phpBB. It has been reported working, so you can try it. It's a risk you will be taking though.</p>
<a name="phpsec"></a><h3 class="h3">7.i. Notice on PHP security issues</h3>

2
phpBB/groupcp.php
View file

@ -337,7 +337,7 @@ else if ( isset($HTTP_POST_VARS['unsub']) || isset($HTTP_POST_VARS['unsubpending
message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql);
}
if ( !($row = $db->sql_fetchrow($result)) )
if ( !($row = $db->sql_fetchrow($result)) || $row['is_auth_mod'] == 0 )
{
$sql = "UPDATE " . USERS_TABLE . "
SET user_level = " . USER . "

24
phpBB/includes/sessions.php
View file

@ -24,7 +24,7 @@
// Adds/updates a new session to the database for the given userid.
// Returns the new session ID on success.
//
function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0)
function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0, $admin = 0)
{
global $db, $board_config;
global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;
@ -155,16 +155,18 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
// Create or update the session
//
$sql = "UPDATE " . SESSIONS_TABLE . "
SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login
SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login, session_admin = $admin
WHERE session_id = '" . $session_id . "'
AND session_ip = '$user_ip'";
if ( !$db->sql_query($sql) || !$db->sql_affectedrows() )
{
$session_id = md5(uniqid($user_ip));
list($sec, $usec) = explode(' ', microtime());
mt_srand((float) $sec + ((float) $usec * 100000));
$session_id = md5(uniqid(mt_rand(), true));
$sql = "INSERT INTO " . SESSIONS_TABLE . "
(session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in)
VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login)";
(session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin)
VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login, $admin)";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql);
@ -175,6 +177,8 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
{// ( $userdata['user_session_time'] > $expiry_time && $auto_create ) ? $userdata['user_lastvisit'] : (
$last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time;
if (!$admin)
{
$sql = "UPDATE " . USERS_TABLE . "
SET user_session_time = $current_time, user_session_page = $page_id, user_lastvisit = $last_visit
WHERE user_id = $user_id";
@ -182,10 +186,11 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
{
message_die(CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql);
}
}
$userdata['user_lastvisit'] = $last_visit;
$sessiondata['autologinid'] = ( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : '';
$sessiondata['autologinid'] = (!$admin) ? (( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : '') : $sessiondata['autologinid'];
$sessiondata['userid'] = $user_id;
}
@ -196,6 +201,7 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
$userdata['session_page'] = $page_id;
$userdata['session_start'] = $current_time;
$userdata['session_time'] = $current_time;
$userdata['session_admin'] = $admin;
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
@ -285,8 +291,11 @@ function session_pagestart($user_ip, $thispage_id)
//
if ( $current_time - $userdata['session_time'] > 60 )
{
// A little trick to reset session_admin on session re-usage
$update_admin = (!defined('IN_ADMIN') && $current_time - $userdata['session_time'] > ($board_config['session_length']+60)) ? ', session_admin = 0' : '';
$sql = "UPDATE " . SESSIONS_TABLE . "
SET session_time = $current_time, session_page = $thispage_id
SET session_time = $current_time, session_page = $thispage_id$update_admin
WHERE session_id = '" . $userdata['session_id'] . "'";
if ( !$db->sql_query($sql) )
{
@ -308,6 +317,7 @@ function session_pagestart($user_ip, $thispage_id)
// Delete expired sessions
//
$expiry_time = $current_time - $board_config['session_length'];
$sql = "DELETE FROM " . SESSIONS_TABLE . "
WHERE session_time < $expiry_time
AND session_id <> '$session_id'";

2
phpBB/includes/smtp.php
View file

@ -106,7 +106,7 @@ function smtpmail($mail_to, $subject, $message, $headers = '')
// Ok we have error checked as much as we can to this point let's get on
// it already.
if( !$socket = fsockopen($board_config['smtp_host'], 25, $errno, $errstr, 20) )
if( !$socket = @fsockopen($board_config['smtp_host'], 25, $errno, $errstr, 20) )
{
message_die(GENERAL_ERROR, "Could not connect to smtp host : $errno : $errstr", "", __LINE__, __FILE__);
}

5
phpBB/includes/usercp_viewprofile.php
View file

@ -33,6 +33,11 @@ if ( empty($HTTP_GET_VARS[POST_USERS_URL]) || $HTTP_GET_VARS[POST_USERS_URL] ==
}
$profiledata = get_userdata($HTTP_GET_VARS[POST_USERS_URL]);
if (!$profiledata)
{
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified']);
}
$sql = "SELECT *
FROM " . RANKS_TABLE . "
ORDER BY rank_special, rank_min";

BIN
phpBB/install/schemas/ms_access_primer.zip
View file

Binary file not shown.

2
phpBB/install/schemas/mssql_basic.sql
View file

@ -69,7 +69,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('record_online_date
INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_name', 'www.yourdomain.tld');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.14');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.15');
/*
-- Categories

3
phpBB/install/schemas/mssql_schema.sql
View file

@ -190,7 +190,8 @@ CREATE TABLE [phpbb_sessions] (
[session_time] [int] NULL ,
[session_ip] [char] (8) NOT NULL ,
[session_page] [int] NULL ,
[session_logged_in] [smallint] NULL
[session_logged_in] [smallint] NULL,
[session_admin] [smallint] NULL
) ON [PRIMARY]
GO

2
phpBB/install/schemas/mysql_basic.sql
View file

@ -62,7 +62,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('record_online_date
INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_name', 'www.myserver.tld');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.14');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.15');
# -- Categories

1
phpBB/install/schemas/mysql_schema.sql
View file

@ -305,6 +305,7 @@ CREATE TABLE phpbb_sessions (
session_ip char(8) DEFAULT '0' NOT NULL,
session_page int(11) DEFAULT '0' NOT NULL,
session_logged_in tinyint(1) DEFAULT '0' NOT NULL,
session_admin tinyint(2) DEFAULT '0' NOT NULL,
PRIMARY KEY (session_id),
KEY session_user_id (session_user_id),
KEY session_id_ip_user_id (session_id, session_ip, session_user_id)

2
phpBB/install/schemas/postgres_basic.sql
View file

@ -63,7 +63,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('record_online_date
INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_name', 'www.yourdomain.tld');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.14');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.15');
-- Categories
INSERT INTO phpbb_categories (cat_id, cat_title, cat_order) VALUES (1, 'Test category 1', 10);

1
phpBB/install/schemas/postgres_schema.sql
View file

@ -289,6 +289,7 @@ CREATE TABLE phpbb_sessions (
session_ip char(8) DEFAULT '0' NOT NULL,
session_page int4 DEFAULT '0' NOT NULL,
session_logged_in int2 DEFAULT '0' NOT NULL,
session_admin int2 DEFAULT '0' NOT NULL,
CONSTRAINT phpbb_session_pkey PRIMARY KEY (session_id)
);
CREATE INDEX session_user_id_phpbb_sessions_index ON phpbb_sessions (session_user_id);

45
phpBB/install/update_to_latest.php
View file

@ -59,7 +59,7 @@ include($phpbb_root_path . 'includes/db.'.$phpEx);
//
//
//
$updates_to_version = '.0.14';
$updates_to_version = '.0.15';
//
//
//
@ -515,6 +515,45 @@ switch ($row['config_value'])
break;
}
case '.0.5':
case '.0.6':
case '.0.7':
case '.0.8':
case '.0.9':
case '.0.10':
case '.0.11':
case '.0.12':
case '.0.13':
case '.0.14':
switch (SQL_LAYER)
{
case 'mysql':
case 'mysql4':
$sql[] = "ALTER TABLE " . SESSIONS_TABLE . "
ADD COLUMN session_admin tinyint(2) DEFAULT '0' NOT NULL";
break;
case 'postgresql':
$sql[] = "ALTER TABLE " . SESSIONS_TABLE . "
ADD COLUMN session_admin int2";
$sql[] = "ALTER TABLE " . SESSIONS_TABLE . "
ALTER COLUMN session_admin SET DEFAULT '0'";
break;
case 'mssql-odbc':
case 'mssql':
$sql[] = "ALTER TABLE " . SESSIONS_TABLE . " ADD
session_admin smallint NOT NULL,
CONSTRAINT [DF_" . $table_prefix . "sessions_session_admin] DEFAULT (0) FOR [session_admin]";
break;
case 'msaccess':
$sql[] = "ALTER TABLE " . SESSIONS_TABLE . " ADD
session_admin smallint NOT NULL";
break;
}
break;
}
@ -915,6 +954,10 @@ switch ($row['config_value'])
$sql = 'UPDATE ' . USERS_TABLE . ' SET user_allowhtml = 1 WHERE user_id = ' . ANONYMOUS;
_sql($sql, $errored, $error_ary);
// We reset those having autologin enabled and forcing the re-assignment of a session id
$sql = 'DELETE FROM ' . SESSIONS_TABLE;
_sql($sql, $errored, $error_ary);
break;
default:

2
phpBB/language/lang_english/lang_main.php
View file

@ -1018,6 +1018,8 @@ $lang['Critical_Error'] = 'Critical Error';
$lang['An_error_occured'] = 'An Error Occurred';
$lang['A_critical_error'] = 'A Critical Error Occurred';
$lang['Admin_reauthenticate'] = 'To administer the board you must re-authenticate yourself.';
//
// That's all, Folks!
// -------------------------------------------------

10
phpBB/login.php
View file

@ -52,7 +52,7 @@ else
if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) )
{
if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && !$userdata['session_logged_in'] )
if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && (!$userdata['session_logged_in'] || isset($HTTP_POST_VARS['admin'])) )
{
$username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
$password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';
@ -77,7 +77,8 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($
{
$autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;
$session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin);
$admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0;
$session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin);
if( $session_id )
{
@ -158,7 +159,7 @@ else
// Do a full login page dohickey if
// user not already logged in
//
if( !$userdata['session_logged_in'] )
if( !$userdata['session_logged_in'] || (isset($HTTP_GET_VARS['admin']) && $userdata['session_logged_in'] && $userdata['user_level'] == ADMIN))
{
$page_title = $lang['Login'];
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
@ -207,12 +208,13 @@ else
$username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : '';
$s_hidden_fields = '<input type="hidden" name="redirect" value="' . $forward_page . '" />';
$s_hidden_fields .= (isset($HTTP_GET_VARS['admin'])) ? '<input type="hidden" name="admin" value="1" />' : '';
make_jumpbox('viewforum.'.$phpEx, $forum_id);
$template->assign_vars(array(
'USERNAME' => $username,
'L_ENTER_PASSWORD' => $lang['Enter_password'],
'L_ENTER_PASSWORD' => (isset($HTTP_GET_VARS['admin'])) ? $lang['Admin_reauthenticate'] : $lang['Enter_password'],
'L_SEND_PASSWORD' => $lang['Forgotten_password'],
'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"),

2
phpBB/viewtopic.php
View file

@ -1107,7 +1107,7 @@ for($i = 0; $i < $total_posts; $i++)
{
// This was shamelessly 'borrowed' from volker at multiartstudio dot de
// via php.net's annotated manual
$message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . $highlight_match . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));
$message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . str_replace('\\', '\\\\', $highlight_match) . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));
}
//