Gone but not forgotten ... what's not forgotten? who said that? shut up Paul

git-svn-id: file:///svn/phpbb/trunk@2672 89ea8834-ac86-4346-8a33-228a782c2dd0
Paul S. Owen 2002-07-14 14:43:31 +00:00
parent c4a926b4e2
commit d03de47b51
11 changed files with 5 additions and 3535 deletions


@ -1,325 +0,0 @@
<?php
/***************************************************************************
* auth.php
* -------------------
* begin : Saturday, Feb 13, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id$
*
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
/*
$type's accepted (pre-pend with AUTH_):
VIEW, READ, POST, REPLY, EDIT, DELETE, STICKY, ANNOUNCE, VOTE, POLLCREATE
Possible options ($type/forum_id combinations):
* If you include a type and forum_id then a specific lookup will be done and
the single result returned
* If you set type to AUTH_ALL and specify a forum_id an array of all auth types
will be returned
* If you provide a forum_id a specific lookup on that forum will be done
* If you set forum_id to AUTH_LIST_ALL and specify a type an array listing the
results for all forums will be returned
* If you set forum_id to AUTH_LIST_ALL and type to AUTH_ALL a multidimensional
array containing the auth permissions for all types and all forums for that
user is returned
All results are returned as associative arrays, even when a single auth type is
specified.
If available you can send an array (either one or two dimensional) containing the
forum auth levels, this will prevent the auth function having to do its own
lookup
*/
function auth($type, $forum_id, $userdata, $f_access = '')
{
global $db, $lang;
switch( $type )
{
case AUTH_ALL:
$a_sql = 'a.auth_view, a.auth_read, a.auth_post, a.auth_reply, a.auth_edit, a.auth_delete, a.auth_sticky, a.auth_announce, a.auth_vote, a.auth_pollcreate';
$auth_fields = array('auth_view', 'auth_read', 'auth_post', 'auth_reply', 'auth_edit', 'auth_delete', 'auth_sticky', 'auth_announce', 'auth_vote', 'auth_pollcreate');
break;
case AUTH_VIEW:
$a_sql = 'a.auth_view';
$auth_fields = array('auth_view');
break;
case AUTH_READ:
$a_sql = 'a.auth_read';
$auth_fields = array('auth_read');
break;
case AUTH_POST:
$a_sql = 'a.auth_post';
$auth_fields = array('auth_post');
break;
case AUTH_REPLY:
$a_sql = 'a.auth_reply';
$auth_fields = array('auth_reply');
break;
case AUTH_EDIT:
$a_sql = 'a.auth_edit';
$auth_fields = array('auth_edit');
break;
case AUTH_DELETE:
$a_sql = 'a.auth_delete';
$auth_fields = array('auth_delete');
break;
case AUTH_ANNOUNCE:
$a_sql = 'a.auth_announce';
$auth_fields = array('auth_announce');
break;
case AUTH_STICKY:
$a_sql = 'a.auth_sticky';
$auth_fields = array('auth_sticky');
break;
case AUTH_POLLCREATE:
$a_sql = 'a.auth_pollcreate';
$auth_fields = array('auth_pollcreate');
break;
case AUTH_VOTE:
$a_sql = 'a.auth_vote';
$auth_fields = array('auth_vote');
break;
case AUTH_ATTACH:
break;
default:
break;
}
//
// If f_access has been passed, or auth is needed to return an array of forums
// then we need to pull the auth information on the given forum (or all forums)
//
if ( empty($f_access) )
{
$forum_match_sql = ( $forum_id != AUTH_LIST_ALL ) ? "WHERE a.forum_id = $forum_id" : '';
$sql = "SELECT a.forum_id, $a_sql
FROM " . FORUMS_TABLE . " a
$forum_match_sql";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Failed obtaining forum access control lists', '', __LINE__, __FILE__, $sql);
}
$sql_fetchrow = ( $forum_id != AUTH_LIST_ALL ) ? 'sql_fetchrow' : 'sql_fetchrowset';
if ( !($f_access = $db->$sql_fetchrow($result)) )
{
message_die(GENERAL_ERROR, 'No forum access control lists exist', '', __LINE__, __FILE__, $sql);
}
$db->sql_freeresult($result);
}
//
// If the user isn't logged on then all we need do is check if the forum
// has the type set to ALL, if yes they are good to go, if not then they
// are denied access
//
$u_access = array();
if ( $userdata['session_logged_in'] )
{
$forum_match_sql = ( $forum_id != AUTH_LIST_ALL ) ? "AND a.forum_id = $forum_id" : '';
$sql = "SELECT a.forum_id, $a_sql, a.auth_mod
FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug
WHERE ug.user_id = ".$userdata['user_id']. "
AND ug.user_pending = 0
AND a.group_id = ug.group_id
$forum_match_sql";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Failed obtaining forum access control lists', '', __LINE__, __FILE__, $sql);
}
if ( $row = $db->sql_fetchrow($result) )
{
if ( $forum_id != AUTH_LIST_ALL)
{
$u_access[] = $row;
}
else
{
do
{
$u_access[$row['forum_id']][] = $row;
}
while( $row = $db->sql_fetchrow($result) );
}
}
}
$is_admin = ( $userdata['user_level'] == ADMIN && $userdata['session_logged_in'] ) ? TRUE : 0;
$auth_user = array();
for($i = 0; $i < count($auth_fields); $i++)
{
$key = $auth_fields[$i];
//
// If the user is logged on and the forum type is either ALL or REG then the user has access
//
// If the type if ACL, MOD or ADMIN then we need to see if the user has specific permissions
// to do whatever it is they want to do ... to do this we pull relevant information for the
// user (and any groups they belong to)
//
// Now we compare the users access level against the forums. We assume here that a moderator
// and admin automatically have access to an ACL forum, similarly we assume admins meet an
// auth requirement of MOD
//
if ( $forum_id != AUTH_LIST_ALL )
{
$value = $f_access[$key];
switch( $value )
{
case AUTH_ALL:
$auth_user[$key] = TRUE;
$auth_user[$key . '_type'] = $lang['Auth_Anonymous_users'];
break;
case AUTH_REG:
$auth_user[$key] = ( $userdata['session_logged_in'] ) ? TRUE : 0;
$auth_user[$key . '_type'] = $lang['Auth_Registered_Users'];
break;
case AUTH_ACL:
$auth_user[$key] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_ACL, $key, $u_access, $is_admin) : 0;
$auth_user[$key . '_type'] = $lang['Auth_Users_granted_access'];
break;
case AUTH_MOD:
$auth_user[$key] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin) : 0;
$auth_user[$key . '_type'] = $lang['Auth_Moderators'];
break;
case AUTH_ADMIN:
$auth_user[$key] = $is_admin;
$auth_user[$key . '_type'] = $lang['Auth_Administrators'];
break;
default:
$auth_user[$key] = 0;
break;
}
}
else
{
for($k = 0; $k < count($f_access); $k++)
{
$value = $f_access[$k][$key];
$f_forum_id = $f_access[$k]['forum_id'];
switch( $value )
{
case AUTH_ALL:
$auth_user[$f_forum_id][$key] = TRUE;
$auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Anonymous_users'];
break;
case AUTH_REG:
$auth_user[$f_forum_id][$key] = ( $userdata['session_logged_in'] ) ? TRUE : 0;
$auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Registered_Users'];
break;
case AUTH_ACL:
$auth_user[$f_forum_id][$key] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_ACL, $key, $u_access[$f_forum_id], $is_admin) : 0;
$auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Users_granted_access'];
break;
case AUTH_MOD:
$auth_user[$f_forum_id][$key] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access[$f_forum_id], $is_admin) : 0;
$auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Moderators'];
break;
case AUTH_ADMIN:
$auth_user[$f_forum_id][$key] = $is_admin;
$auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Administrators'];
break;
default:
$auth_user[$f_forum_id][$key] = 0;
break;
}
}
}
}
//
// Is user a moderator?
//
if ( $forum_id != AUTH_LIST_ALL )
{
$auth_user['auth_mod'] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin) : 0;
}
else
{
for($k = 0; $k < count($f_access); $k++)
{
$f_forum_id = $f_access[$k]['forum_id'];
$auth_user[$f_forum_id]['auth_mod'] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access[$f_forum_id], $is_admin) : 0;
}
}
return $auth_user;
}
function auth_check_user($type, $key, $u_access, $is_admin)
{
$auth_user = 0;
if ( count($u_access) )
{
for($j = 0; $j < count($u_access); $j++)
{
$result = 0;
switch($type)
{
case AUTH_ACL:
$result = $u_access[$j][$key];
case AUTH_MOD:
$result = $result || $u_access[$j]['auth_mod'];
case AUTH_ADMIN:
$result = $result || $is_admin;
break;
}
$auth_user = $auth_user || $result;
}
}
else
{
$auth_user = $is_admin;
}
return $auth_user;
}
?>


@ -1,684 +0,0 @@
<?php
/***************************************************************************
* sessions.php
* -------------------
* begin : Saturday, Feb 13, 2001
* copyright : (C) 2002 The phpBB Group
* email : support@phpbb.com
*
* $Id$
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
class session {
var $userdata;
function start($update = true)
{
global $SID, $db, $board_config, $user_ip;
global $HTTP_SERVER_VARS, $HTTP_ENV_VARS, $HTTP_COOKIE_VARS, $HTTP_GET_VARS;
$current_time = time();
$session_browser = ( !empty($HTTP_SERVER_VARS['HTTP_USER_AGENT']) ) ? $HTTP_SERVER_VARS['HTTP_USER_AGENT'] : $HTTP_ENV_VARS['HTTP_USER_AGENT'];
$this_page = ( !empty($HTTP_SERVER_VARS['PHP_SELF']) ) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_ENV_VARS['PHP_SELF'];
$this_page .= '&' . ( ( !empty($HTTP_SERVER_VARS['QUERY_STRING']) ) ? $HTTP_SERVER_VARS['QUERY_STRING'] : $HTTP_ENV_VARS['QUERY_STRING'] );
if ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) || isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data']) )
{
$sessiondata = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data']) ) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data'])) : '';
$session_id = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) ) ? $HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid'] : '';
$sessionmethod = SESSION_METHOD_COOKIE;
}
else
{
$session_data = '';
$session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
$sessionmethod = SESSION_METHOD_GET;
}
//
// Load limit check (if applicable)
//
if ( !empty($board_config['limit_load']) && file_exists('/proc/loadavg') )
{
if ( $load = file('/proc/loadavg') )
{
$load = explode(' ', $load[0]);
if ( intval($load[0]) > $board_config['limit_load'] )
{
message_die(GENERAL_MESSAGE, 'Board_unavailable', 'Information');
}
}
}
if ( !empty($session_id) )
{
//
// session_id exists so go ahead and attempt to grab all data in preparation
//
$sql = "SELECT u.*, s.*
FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u
WHERE s.session_id = '$session_id'
AND u.user_id = s.session_user_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
}
$this->userdata = $db->sql_fetchrow($result);
//
// Did the session exist in the DB?
//
if ( isset($this->userdata['user_id']) )
{
//
// Do not check IP assuming equivalence, if IPv4 we'll check only first 24
// bits ... I've been told (by vHiker) this should alleviate problems with
// load balanced et al proxies while retaining some reliance on IP security.
//
$ip_check_s = explode('.', $this->userdata['session_ip']);
$ip_check_u = explode('.', $user_ip);
if ( $ip_check_s[0].'.'.$ip_check_s[1].'.'.$ip_check_s[2] == $ip_check_u[0].'.'.$ip_check_u[1].'.'.$ip_check_u[2] )
{
$SID = '?sid=' . ( ( $sessionmethod == SESSION_METHOD_GET ) ? $session_id : '' );
//
// Only update session DB a minute or so after last update or if page changes
//
if ( ( $current_time - $this->userdata['session_time'] > 60 || $this->userdata['session_page'] != $this_page ) && $update )
{
$sql = "UPDATE " . SESSIONS_TABLE . "
SET session_time = $current_time, session_page = '$this_page'
WHERE session_id = '" . $this->userdata['session_id'] . "'";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql);
}
//
// Garbage collection ... remove old sessions updating user information
// if necessary
//
if ( $current_time - $board_config['session_gc'] > $board_config['session_last_gc'] )
{
$this->gc($current_time);
}
setcookie($board_config['cookie_name'] . '_data', serialize($sessiondata), $current_time + 31536000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
setcookie($board_config['cookie_name'] . '_sid', $session_id, 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
}
$this->config();
return $this->userdata;
}
}
}
//
// If we reach here then no (valid) session exists. So we'll create a new one,
// using the cookie user_id if available to pull basic user prefs.
//
$autologin = ( isset($sessiondata['autologinid']) ) ? $sessiondata['autologinid'] : '';
$user_id = ( isset($sessiondata['userid']) ) ? $sessiondata['userid'] : ANONYMOUS;
//
// Limit connections (for MySQL) or 5 minute sessions (for other DB's)
//
switch ( DB_LAYER )
{
case 'mysql':
case 'mysql4':
$sql = "SELECT COUNT(*) AS sessions
FROM " . SESSIONS_TABLE . "
WHERE session_time >= " . ( $current_time - 3600 );
break;
default:
$sql = "SELECT COUNT(*) AS sessions
FROM " . SESSIONS_TABLE . "
WHERE session_time >= " . ( $current_time - 3600 );
break;
}
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Could not obtain connection information', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow[$result];
if ( intval($board_config['active_sessions']) && $row['sessions'] >= intval($board_config['active_sessions']) )
{
message_die(GENERAL_MESSAGE, 'Board_unavailable', 'Information');
}
$sql = "SELECT *
FROM " . USERS_TABLE . "
WHERE user_id = $user_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Could not obtain lastvisit data from user table', '', __LINE__, __FILE__, $sql);
}
$this->userdata = $db->sql_fetchrow($result);
//
// Check autologin request, is it valid?
//
if ( $this->userdata['user_password'] != $autologin || !$this->userdata['user_active'] || $user_id == ANONYMOUS )
{
$autologin = '';
$this->userdata['user_id'] = $user_id = ANONYMOUS;
}
$user_ip_parts = explode('.', $user_ip);
$sql = "SELECT ban_ip, ban_userid, ban_email
FROM " . BANLIST_TABLE . "
WHERE ban_ip IN (
'" . $user_ip_parts[0] . ".',
'" . $user_ip_parts[0] . "." . $user_ip_parts[1] . ".',
'" . $user_ip_parts[0] . "." . $user_ip_parts[1] . "." . $user_ip_parts[2] . ".',
'" . $user_ip_parts[0] . "." . $user_ip_parts[1] . "." . $user_ip_parts[2] . "." . $user_ip_parts[3] . "')
OR ban_userid = " . $this->userdata['user_id'];
if ( $user_id != ANONYMOUS )
{
$sql .= " OR ban_email LIKE '" . str_replace('\\\'', '\\\'\\\'', $this->userdata['user_email']) . "'
OR ban_email LIKE '" . substr(str_replace('\\\'', '\\\'\\\'', $this->userdata['user_email']), strpos(str_replace('\\\'', '\\\'\\\'', $this->userdata['user_email']), '@')) . "'";
}
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Could not obtain ban information', '', __LINE__, __FILE__, $sql);
}
if ( $ban_info = $db->sql_fetchrow($result) )
{
if ( $ban_info['ban_ip'] || $ban_info['ban_userid'] || $ban_info['ban_email'] )
{
message_die(CRITICAL_MESSAGE, 'You_been_banned');
}
}
//
// Create or update the session
//
$sql = "UPDATE " . SESSIONS_TABLE . "
SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_browser = '$session_browser', session_page = '$this_page'
WHERE session_id = '$session_id'";
if ( !$db->sql_query($sql) || !$db->sql_affectedrows() )
{
$session_id = md5(uniqid($user_ip));
$sql = "INSERT INTO " . SESSIONS_TABLE . "
(session_id, session_user_id, session_start, session_time, session_ip, session_browser, session_page)
VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', '$session_browser', '$this_page')";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql);
}
}
$SID = '?sid=' . ( ( $sessionmethod == SESSION_METHOD_GET ) ? $session_id : '' );
$sessiondata['autologinid'] = ( $autologin && $user_id != ANONYMOUS ) ? $autologin : '';
$sessiondata['userid'] = $user_id;
setcookie($board_config['cookie_name'] . '_data', serialize($sessiondata), $current_time + 31536000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
setcookie($board_config['cookie_name'] . '_sid', $session_id, 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
$this->userdata['session_id'] = $session_id;
$this->config();
return $this->userdata;
}
function destroy($userdata)
{
global $SID, $db, $board_config, $user_ip;
global $HTTP_SERVER_VARS, $HTTP_ENV_VARS, $HTTP_COOKIE_VARS, $HTTP_GET_VARS;
if ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) )
{
$session_id = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) ) ? $HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid'] : '';
}
else
{
$session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
}
//
// Delete existing session, update last visit info first!
//
$sql = "UPDATE " . USERS_TABLE . "
SET user_lastvisit = " . $userdata['session_time'] . ", user_session_page = '" . $userdata['session_page'] . "'
WHERE user_id = " . $userdata['user_id'];
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Could not update user session info', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . SESSIONS_TABLE . "
WHERE session_id = '" . $userdata['session_id'] . "'
AND session_user_id = " . $userdata['user_id'];
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql);
}
$SID = '?sid=';
setcookie($board_config['cookie_name'] . '_data', '', $current_time - 31536000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
setcookie($board_config['cookie_name'] . '_sid', '', $current_time - 31536000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
return true;
}
function gc($current_time)
{
global $db, $board_config, $user_ip;
$sql = "SELECT *
FROM " . SESSIONS_TABLE . "
WHERE session_time < " . ( $current_time - $board_config['session_length'] );
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Could not obtain expired session list', '', __LINE__, __FILE__, $sql);
}
$del_session_id = '';
while ( $row = $db->sql_fetchrow($result) )
{
if ( $row['session_logged_in'] )
{
$sql = "UPDATE " . USERS_TABLE . "
SET user_lastvisit = " . $row['session_time'] . ", user_session_page = '" . $row['session_page'] . "'
WHERE user_id = " . $row['session_user_id'];
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Could not update user session info', '', __LINE__, __FILE__, $sql);
}
}
$del_session_id .= ( ( $del_session_id != '' ) ? ', ' : '' ) . '\'' . $row['session_id'] . '\'';
}
if ( $del_session_id != '' )
{
//
// Delete expired sessions
//
$sql = "DELETE FROM " . SESSIONS_TABLE . "
WHERE session_id IN ($del_session_id)";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql);
}
}
$sql = "UPDATE " . CONFIG_TABLE . "
SET config_value = '$current_time'
WHERE config_name = 'session_last_gc'";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Could not update session gc time', '', __LINE__, __FILE__, $sql);
}
return;
}
function config()
{
global $db, $template, $lang, $board_config, $theme, $images;
global $phpEx, $phpbb_root_path;
if ( $this->userdata['user_id'] != ANONYMOUS )
{
if ( !empty($this->userdata['user_lang']))
{
$board_config['default_lang'] = $this->userdata['user_lang'];
}
if ( !empty($this->userdata['user_dateformat']) )
{
$board_config['default_dateformat'] = $this->userdata['user_dateformat'];
}
if ( isset($this->userdata['user_timezone']) )
{
$board_config['board_timezone'] = $this->userdata['user_timezone'];
}
}
if ( !file_exists($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.'.$phpEx) )
{
$board_config['default_lang'] = 'english';
}
include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.' . $phpEx);
if ( defined('IN_ADMIN') )
{
if( !file_exists($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_admin.'.$phpEx) )
{
$board_config['default_lang'] = 'english';
}
include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_admin.' . $phpEx);
}
//
// Set up style
//
$style = ( !$board_config['override_user_style'] && $this->userdata['user_id'] != ANONYMOUS && $this->userdata['user_style'] > 0 )? $this->userdata['user_style'] : $board_config['default_style'];
$sql = "SELECT s.style_name, s.template_name, c.css_data, c.css_extra_data
FROM " . STYLES_TABLE . " s, " . STYLES_CSS_TABLE . " c
WHERE s.style_id = $style
AND c.theme_id = s.style_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Could not query database for theme info');
}
if ( !($theme = $db->sql_fetchrow($result)) )
{
message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]");
}
//
// Unserialize the extra data
//
$theme['css_extra_data'] = unserialize($theme['css_extra_data']);
$template_path = 'templates/' ;
$template_name = $theme['template_name'] ;
$template = new Template($phpbb_root_path . $template_path . $template_name);
if ( $template )
{
$current_template_path = $template_path . $template_name;
@include($phpbb_root_path . $template_path . $template_name . '/' . $template_name . '.cfg');
if ( !defined('TEMPLATE_CONFIG') )
{
message_die(CRITICAL_ERROR, "Could not open $template_name template config file", '', __LINE__, __FILE__);
}
$img_lang = ( file_exists($current_template_path . '/images/lang_' . $board_config['default_lang']) ) ? $board_config['default_lang'] : 'english';
while ( list($key, $value) = @each($images) )
{
if ( !is_array($value) )
{
$images[$key] = str_replace('{LANG}', 'lang_' . $img_lang, $value);
}
}
}
return;
}
}
//
// Note this doesn't use the prefetch at present and is very
// incomplete ... purely for testing ... will be keeping my
// eye of 'other products' to ensure these things don't
// mysteriously appear elsewhere, think up your own solutions!
//
class auth {
var $acl;
function auth($userdata)
{
global $db;
$sql = "SELECT ag.forum_id, ag.auth_allow_deny, ao.auth_option
FROM " . USER_GROUP_TABLE . " ug, " . ACL_GROUPS_TABLE . " ag, " . ACL_OPTIONS_TABLE . " ao
WHERE ug.user_id = " . $userdata['user_id'] . "
AND ag.group_id = ug.group_id
AND ao.auth_option_id = ag.auth_option_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Failed obtaining forum access control lists', '', __LINE__, __FILE__, $sql);
}
if ( $row = $db->sql_fetchrow($result) )
{
do
{
list($option_main, $option_type) = explode('_', $row['auth_option']);
$this->acl[$row['forum_id']][$option_main][$option_type] = $row['auth_allow_deny'];
}
while ( $row = $db->sql_fetchrow($result) );
}
$db->sql_freeresult($result);
$sql = "SELECT au.forum_id, au.auth_allow_deny, ao.auth_option
FROM " . ACL_USERS_TABLE . " au, " . ACL_OPTIONS_TABLE . " ao
WHERE au.user_id = " . $userdata['user_id'] . "
AND ao.auth_option_id = au.auth_option_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Failed obtaining forum access control lists', '', __LINE__, __FILE__, $sql);
}
if ( $row = $db->sql_fetchrow($result) )
{
do
{
list($option_main, $option_type) = explode('_', $row['auth_option']);
$this->acl[$row['forum_id']][$option_main][$option_type] = ( isset($this->acl[$row['forum_id']][$option_main][$option_type]) ) ? $this->acl[$row['forum_id']][$option_main][$option_type] && $row['auth_allow_deny'] : $row['auth_allow_deny'];
}
while ( $row = $db->sql_fetchrow($result) );
}
$db->sql_freeresult($result);
return;
}
function get_acl($forum_id = false, $auth_main = false, $auth_type = false)
{
if ( !$forum_id )
{
if ( !$auth_type && is_array($this->acl) )
{
@reset($this->acl);
while ( list(, $value1) = @each($this->acl) )
{
while ( list(, $value2) = @each($value1) )
{
while ( list(, $value3) = @each($value2) )
{
if ( $value3 )
{
return true;
}
}
}
}
return false;
}
else if ( !$auth_main && is_array($this->acl) )
{
@reset($this->acl);
while ( list(, $value1) = each($this->acl) )
{
while ( list(, $value2) = each($value1) )
{
if ( $value2[$auth_type] )
{
return true;
}
}
}
return false;
}
else
{
return $this->acl;
}
}
else if ( $auth_main && $auth_type )
{
return $this->acl[$forum_id][$auth_main][$auth_type];
}
else if ( !$auth_type && is_array($this->acl[$forum_id][$auth_main]) )
{
@reset($this->acl);
while ( list(, $value) = @each($this->acl[$forum_id][$auth_main]) )
{
if ( $value )
{
return true;
}
}
return false;
}
else if ( !$auth_main && is_array($this->acl[$forum_id]) )
{
@reset($this->acl);
while ( list(, $value) = each($this->acl[$forum_id]) )
{
if ( $value[$auth_type] )
{
return true;
}
}
return false;
}
else
{
return $this->acl[$forum_id];
}
}
function set_acl($ug_data, $forum_id = false, $auth_list = false, $dependencies = false)
{
global $db;
$dependencies = array_merge($dependencies, array(
'admin' => 'mod',
'mod' => 'forum')
);
}
}
//
// Centralised login? May stay, may not ... depends if needed
//
function login($username, $password, $autologin = false)
{
global $SID, $db, $board_config, $lang, $user_ip;
global $HTTP_SERVER_VARS, $HTTP_ENV_VARS;
$this_page = ( !empty($HTTP_SERVER_VARS['PHP_SELF']) ) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_ENV_VARS['PHP_SELF'];
$this_page .= '&' . ( ( !empty($HTTP_SERVER_VARS['QUERY_STRING']) ) ? $HTTP_SERVER_VARS['QUERY_STRING'] : $HTTP_ENV_VARS['QUERY_STRING'] );
$result = false;
$sql = "SELECT user_id, username, user_password, user_email, user_active, user_level
FROM " . USERS_TABLE . "
WHERE username = '" . str_replace("\'", "''", $username) . "'";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
}
if ( $row = $db->sql_fetchrow($result) )
{
if ( $row['user_level'] != ADMIN && $board_config['board_disable'] )
{
// header($header_location . "index.$phpEx$SID");
// exit;
}
if ( $board_config['ldap_enable'] && extension_loaded('ldap') )
{
if ( !($ldap_id = @ldap_connect($board_config['ldap_hostname'])) )
{
//
// FINISH
//
@ldap_unbind($ldap_id);
}
}
else
{
if ( md5($password) == $row['user_password'] && $row['user_active'] )
{
$autologin = ( isset($autologin) ) ? md5($password) : '';
$user_ip_parts = explode('.', $user_ip);
$sql = "SELECT ban_ip, ban_userid, ban_email
FROM " . BANLIST_TABLE . "
WHERE ban_ip IN (
'" . $user_ip_parts[0] . ".',
'" . $user_ip_parts[0] . "." . $user_ip_parts[1] . ".',
'" . $user_ip_parts[0] . "." . $user_ip_parts[1] . "." . $user_ip_parts[2] . ".',
'" . $user_ip_parts[0] . "." . $user_ip_parts[1] . "." . $user_ip_parts[2] . "." . $user_ip_parts[3] . "')
OR ban_userid = " . $row['user_id'];
if ( $user_id != ANONYMOUS )
{
$sql .= " OR ban_email LIKE '" . str_replace('\\\'', '\\\'\\\'', $row['user_email']) . "'
OR ban_email LIKE '" . substr(str_replace('\\\'', '\\\'\\\'', $row['user_email']), strpos(str_replace('\\\'', '\\\'\\\'', $row['user_email']), '@')) . "'";
}
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Could not obtain ban information', '', __LINE__, __FILE__, $sql);
}
if ( $ban_info = $db->sql_fetchrow($result) )
{
if ( $ban_info['ban_ip'] || $ban_info['ban_userid'] || $ban_info['ban_email'] )
{
message_die(CRITICAL_MESSAGE, 'You_been_banned');
}
}
$session_browser = ( !empty($HTTP_SERVER_VARS['HTTP_USER_AGENT']) ) ? $HTTP_SERVER_VARS['HTTP_USER_AGENT'] : $HTTP_ENV_VARS['HTTP_USER_AGENT'];
$current_time = time();
//
// Update the session
//
$sql = "UPDATE " . SESSIONS_TABLE . "
SET session_user_id = " . $row['user_id'] . ", session_start = $current_time, session_time = $current_time, session_browser = '$session_browser', session_page = '$this_page'
WHERE session_id = '" . $userdata['session_id'] . "'";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update session post-login', '', __LINE__, __FILE__, $sql);
}
$sessiondata['autologinid'] = ( $autologin && $user_id != ANONYMOUS ) ? $autologin : '';
$sessiondata['userid'] = $row['user_id'];
setcookie($board_config['cookie_name'] . '_data', serialize($sessiondata), $current_time + 31536000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
setcookie($board_config['cookie_name'] . '_sid', $userdata['session_id'], 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
$result = true;
}
}
}
return $result;
}
?>


@ -1,182 +0,0 @@
<?php
/***************************************************************************
* constants.php
* -------------------
* begin : Saturday', Feb 13', 2001
* copyright : ('C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id$
*
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License', or
* ('at your option) any later version.
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
}
// Debug Level
//define('DEBUG', 1); // Debugging on
define('DEBUG', 0); // Debugging off
// User Levels <- Do not change the values of USER or ADMIN
define('DELETED', -1);
define('ANONYMOUS', -1);
define('USER', 0);
define('ADMIN', 1);
define('MOD', 2);
// User related
define('USER_ACTIVATION_NONE', 0);
define('USER_ACTIVATION_SELF', 1);
define('USER_ACTIVATION_ADMIN', 2);
define('USER_AVATAR_NONE', 0);
define('USER_AVATAR_UPLOAD', 1);
define('USER_AVATAR_REMOTE', 2);
define('USER_AVATAR_GALLERY', 3);
// Group settings
define('GROUP_OPEN', 0);
define('GROUP_CLOSED', 1);
define('GROUP_HIDDEN', 2);
// Forum state
define('FORUM_UNLOCKED', 0);
define('FORUM_LOCKED', 1);
// Topic status
define('TOPIC_UNLOCKED', 0);
define('TOPIC_LOCKED', 1);
define('TOPIC_MOVED', 2);
define('TOPIC_WATCH_NOTIFIED', 1);
define('TOPIC_WATCH_UN_NOTIFIED', 0);
// Topic types
define('POST_NORMAL', 0);
define('POST_STICKY', 1);
define('POST_ANNOUNCE', 2);
define('POST_GLOBAL_ANNOUNCE', 3);
// SQL codes
define('BEGIN_TRANSACTION', 1);
define('END_TRANSACTION', 2);
// Error codes
define('GENERAL_MESSAGE', 200);
define('GENERAL_ERROR', 202);
define('CRITICAL_MESSAGE', 203);
define('CRITICAL_ERROR', 204);
// Private messaging
define('PRIVMSGS_READ_MAIL', 0);
define('PRIVMSGS_NEW_MAIL', 1);
define('PRIVMSGS_SENT_MAIL', 2);
define('PRIVMSGS_SAVED_IN_MAIL', 3);
define('PRIVMSGS_SAVED_OUT_MAIL', 4);
define('PRIVMSGS_UNREAD_MAIL', 5);
// URL PARAMETERS
define('POST_TOPIC_URL', 't');
define('POST_CAT_URL', 'c');
define('POST_FORUM_URL', 'f');
define('POST_USERS_URL', 'u');
define('POST_POST_URL', 'p');
define('POST_GROUPS_URL', 'g');
// Session parameters
define('SESSION_METHOD_COOKIE', 100);
define('SESSION_METHOD_GET', 101);
// Page numbers for session handling
define('PAGE_INDEX', 0);
define('PAGE_LOGIN', -1);
define('PAGE_SEARCH', -2);
define('PAGE_REGISTER', -3);
define('PAGE_PROFILE', -4);
define('PAGE_VIEWONLINE', -6);
define('PAGE_VIEWMEMBERS', -7);
define('PAGE_FAQ', -8);
define('PAGE_POSTING', -9);
define('PAGE_PRIVMSGS', -10);
define('PAGE_GROUPCP', -11);
define('PAGE_TOPIC_OFFSET', 5000);
// Auth settings
define('AUTH_LIST_ALL', 0);
define('AUTH_ALL', 0);
define('AUTH_REG', 1);
define('AUTH_ACL', 2);
define('AUTH_MOD', 3);
define('AUTH_ADMIN', 5);
define('AUTH_VIEW', 1);
define('AUTH_READ', 2);
define('AUTH_POST', 3);
define('AUTH_REPLY', 4);
define('AUTH_EDIT', 5);
define('AUTH_DELETE', 6);
define('AUTH_ANNOUNCE', 7);
define('AUTH_STICKY', 8);
define('AUTH_POLLCREATE', 9);
define('AUTH_VOTE', 10);
define('AUTH_ATTACH', 11);
// Table names
define('AUTH_ACCESS_TABLE', $table_prefix.'auth_access');
define('BANLIST_TABLE', $table_prefix.'banlist');
define('CATEGORIES_TABLE', $table_prefix.'categories');
define('CONFIG_TABLE', $table_prefix.'config');
define('DISALLOW_TABLE', $table_prefix.'disallow');
define('FORUMS_TABLE', $table_prefix.'forums');
define('FORUMS_WATCH_TABLE', $table_prefix.'forums_watch');
define('GROUPS_TABLE', $table_prefix.'groups');
define('POSTS_TABLE', $table_prefix.'posts');
define('POSTS_TEXT_TABLE', $table_prefix.'posts_text');
define('PRIVMSGS_TABLE', $table_prefix.'privmsgs');
define('PRIVMSGS_TEXT_TABLE', $table_prefix.'privmsgs_text');
define('PRIVMSGS_IGNORE_TABLE', $table_prefix.'privmsgs_ignore');
define('PRUNE_TABLE', $table_prefix.'forum_prune');
define('RANKS_TABLE', $table_prefix.'ranks');
define('SEARCH_TABLE', $table_prefix.'search_results');
define('SEARCH_WORD_TABLE', $table_prefix.'search_wordlist');
define('SEARCH_MATCH_TABLE', $table_prefix.'search_wordmatch');
define('SESSIONS_TABLE', $table_prefix.'sessions');
define('SMILIES_TABLE', $table_prefix.'smilies');
define('THEMES_TABLE', $table_prefix.'themes');
define('THEMES_NAME_TABLE', $table_prefix.'themes_name');
define('TOPICS_TABLE', $table_prefix.'topics');
define('TOPICS_WATCH_TABLE', $table_prefix.'topics_watch');
define('USER_GROUP_TABLE', $table_prefix.'user_group');
define('USERS_TABLE', $table_prefix.'users');
define('WORDS_TABLE', $table_prefix.'words');
define('VOTE_DESC_TABLE', $table_prefix.'vote_desc');
define('VOTE_RESULTS_TABLE', $table_prefix.'vote_results');
define('VOTE_USERS_TABLE', $table_prefix.'vote_voters');
?>


@ -1,66 +0,0 @@
<?php
/***************************************************************************
* db.php
* -------------------
* begin : Saturday, Feb 13, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id$
*
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
}
switch($dbms)
{
case 'mysql':
include($phpbb_root_path . 'db/mysql.'.$phpEx);
break;
case 'mysql4':
include($phpbb_root_path . 'db/mysql4.'.$phpEx);
break;
case 'postgres':
include($phpbb_root_path . 'db/postgres7.'.$phpEx);
break;
case 'mssql':
include($phpbb_root_path . 'db/mssql.'.$phpEx);
break;
case 'oracle':
include($phpbb_root_path . 'db/oracle.'.$phpEx);
break;
case 'msaccess':
include($phpbb_root_path . 'db/msaccess.'.$phpEx);
break;
case 'mssql-odbc':
include($phpbb_root_path . 'db/mssql-odbc.'.$phpEx);
break;
}
// Make the database connection.
$db = new sql_db($dbhost, $dbuser, $dbpasswd, $dbname, false);
if(!$db->db_connect_id)
{
message_die(CRITICAL_ERROR, "Could not connect to the database");
}
?>


@ -1,907 +0,0 @@
<?php
/***************************************************************************
* functions_post.php
* -------------------
* begin : Saturday, Feb 13, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id$
*
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
{
die('Hacking attempt');
}
$html_entities_match = array('#&#', '#<#', '#>#');
$html_entities_replace = array('&amp;', '&lt;', '&gt;');
$unhtml_specialchars_match = array('#&gt;#', '#&lt;#', '#&quot;#', '#&amp;#');
$unhtml_specialchars_replace = array('>', '<', '"', '&');
//
// This function will prepare a posted message for
// entry into the database.
//
function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0)
{
global $board_config;
global $html_entities_match, $html_entities_replace;
global $code_entities_match, $code_entities_replace;
//
// Clean up the message
//
$message = trim($message);
if ( $html_on )
{
$allowed_html_tags = split(',', $board_config['allow_html_tags']);
$end_html = 0;
$start_html = 1;
$tmp_message = '';
$message = ' ' . $message . ' ';
while ( $start_html = strpos($message, '<', $start_html) )
{
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ( $start_html - $end_html - 1 )));
if ( $end_html = strpos($message, '>', $start_html) )
{
$length = $end_html - $start_html + 1;
$hold_string = substr($message, $start_html, $length);
if ( ( $unclosed_open = strrpos(' ' . $hold_string, '<') ) != 1 )
{
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1));
$hold_string = substr($hold_string, $unclosed_open - 1);
}
$tagallowed = false;
for($i = 0; $i < sizeof($allowed_html_tags); $i++)
{
$match_tag = trim($allowed_html_tags[$i]);
if ( preg_match('/^<\/?' . $match_tag . '\b/i', $hold_string) )
{
$tagallowed = true;
}
}
$tmp_message .= ( $length && !$tagallowed ) ? preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string;
$start_html += $length;
}
else
{
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $start_html, strlen($message)));
$start_html = strlen($message);
$end_html = $start_html;
}
}
if ( $end_html != strlen($message) && $tmp_message != '' )
{
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1));
}
$message = ( $tmp_message != '' ) ? trim($tmp_message) : trim($message);
}
else
{
$message = preg_replace($html_entities_match, $html_entities_replace, $message);
}
if( $bbcode_on && $bbcode_uid != '' )
{
$tmp_message = $message;
if ( ($match_count = preg_match_all('#^(.*?)\[code\](.*?)\[\/code\](.*?)$#is', $tmp_message, $match)) )
{
$code_entities_match = array('#<#', '#>#', '#"#', '#:#', '#\[#', '#\]#', '#\(#', '#\)#', '#\{#', '#\}#');
$code_entities_replace = array('&lt;', '&gt;', '&quot;', '&#58;', '&#91;', '&#93;', '&#40;', '&#41;', '&#123;', '&#125;');
$message = '';
for($i = 0; $i < $match_count; $i++)
{
$message .= $match[1][$i] . '[code]' . preg_replace($code_entities_match, $code_entities_replace, $match[2][$i]) . '[/code]';
$tmp_message = $match[3][$i];
}
$message .= $tmp_message;
}
$message = bbencode_first_pass($message, $bbcode_uid);
}
return $message;
}
function unprepare_message($message)
{
global $unhtml_specialchars_match, $unhtml_specialchars_replace;
return preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, $message);
}
//
// Prepare a message for posting
//
function prepare_post(&$mode, &$post_data, &$bbcode_on, &$html_on, &$smilies_on, &$error_msg, &$username, &$bbcode_uid, &$subject, &$message, &$poll_title, &$poll_options, &$poll_length)
{
global $board_config, $userdata, $lang, $phpEx, $phpbb_root_path;
// Check username
if ( !empty($username) )
{
$username = htmlspecialchars(trim(strip_tags($username)));
if ( !$userdata['session_logged_in'] || ( $userdata['session_logged_in'] && $username != $userdata['username'] ) )
{
include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
$result = validate_username($username);
if ( $result['error'] )
{
$error_msg .= ( !empty($error_msg) ) ? '<br />' . $result['error_msg'] : $result['error_msg'];
}
}
}
// Check subject
if ( !empty($subject) )
{
$subject = htmlspecialchars(trim($subject));
}
else if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) )
{
$error_msg .= ( !empty($error_msg) ) ? '<br />' . $lang['Empty_subject'] : $lang['Empty_subject'];
}
// Check message
if ( !empty($message) )
{
$bbcode_uid = ( $bbcode_on ) ? make_bbcode_uid() : '';
$message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid);
}
else if ( $mode != 'delete' && $mode != 'polldelete' )
{
$error_msg .= ( !empty($error_msg) ) ? '<br />' . $lang['Empty_message'] : $lang['Empty_message'];
}
//
// Handle poll stuff
//
if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) )
{
$poll_length = ( isset($poll_length) ) ? max(0, intval($poll_length)) : 0;
if ( !empty($poll_title) )
{
$poll_title = htmlspecialchars(trim($poll_title));
}
if( !empty($poll_options) )
{
$temp_option_text = array();
while( list($option_id, $option_text) = @each($poll_options) )
{
$option_text = trim($option_text);
if ( !empty($option_text) )
{
$temp_option_text[$option_id] = htmlspecialchars($option_text);
}
}
$option_text = $temp_option_text;
if ( count($poll_options) < 2 )
{
$error_msg .= ( !empty($error_msg) ) ? '<br />' . $lang['To_few_poll_options'] : $lang['To_few_poll_options'];
}
else if ( count($poll_options) > $board_config['max_poll_options'] )
{
$error_msg .= ( !empty($error_msg) ) ? '<br />' . $lang['To_many_poll_options'] : $lang['To_many_poll_options'];
}
else if ( $poll_title == '' )
{
$error_msg .= ( !empty($error_msg) ) ? '<br />' . $lang['Empty_poll_title'] : $lang['Empty_poll_title'];
}
}
}
return;
}
//
// Post a new topic/reply/poll or edit existing post/poll
//
function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_id, &$post_id, &$poll_id, &$topic_type, &$bbcode_on, &$html_on, &$smilies_on, &$attach_sig, &$bbcode_uid, &$post_username, &$post_subject, &$post_message, &$poll_title, &$poll_options, &$poll_length)
{
global $board_config, $lang, $db, $phpbb_root_path, $phpEx;
global $userdata, $user_ip;
include($phpbb_root_path . 'includes/functions_search.'.$phpEx);
$current_time = time();
if ( $mode == 'newtopic' || $mode == 'reply' )
{
//
// Flood control
//
$where_sql = ( $userdata['user_id'] == ANONYMOUS ) ? "poster_ip = '$user_ip'" : 'poster_id = ' . $userdata['user_id'];
$sql = "SELECT MAX(post_time) AS last_post_time
FROM " . POSTS_TABLE . "
WHERE $where_sql";
if ( $result = $db->sql_query($sql) )
{
if( $row = $db->sql_fetchrow($result) )
{
if ( $row['last_post_time'] > 0 && ( $current_time - $row['last_post_time'] ) < $board_config['flood_interval'] )
{
message_die(GENERAL_MESSAGE, $lang['Flood_Error']);
}
}
}
}
else if ( $mode == 'editpost' )
{
remove_search_post($post_id);
}
if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) )
{
$topic_vote = ( !empty($poll_title) && count($poll_options) >= 2 ) ? 1 : 0;
$sql = ( $mode != "editpost" ) ? "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote) VALUES ('$post_subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)" : "UPDATE " . TOPICS_TABLE . " SET topic_title = '$post_subject', topic_type = $topic_type, topic_vote = $topic_vote WHERE topic_id = $topic_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}
if( $mode == 'newtopic' )
{
$topic_id = $db->sql_nextid();
}
}
$edited_sql = ( $mode == 'editpost' && !$post_data['last_post'] && $post_data['poster_post'] ) ? ", post_edit_time = $current_time, post_edit_count = post_edit_count + 1 " : "";
$sql = ( $mode != "editpost" ) ? "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ($topic_id, $forum_id, " . $userdata['user_id'] . ", '$post_username', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $attach_sig)" : "UPDATE " . POSTS_TABLE . " SET enable_bbcode = $bbcode_on, enable_html = $html_on, enable_smilies = $smilies_on, enable_sig = $attach_sig" . $edited_sql . " WHERE post_id = $post_id";
if ( !($result = $db->sql_query($sql, BEGIN_TRANSACTION)) )
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}
if( $mode != 'editpost' )
{
$post_id = $db->sql_nextid();
}
$sql = ( $mode != 'editpost' ) ? "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text) VALUES ($post_id, '$post_subject', '$bbcode_uid', '$post_message')" : "UPDATE " . POSTS_TEXT_TABLE . " SET post_text = '$post_message', bbcode_uid = '$bbcode_uid', post_subject = '$post_subject' WHERE post_id = $post_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}
add_search_words($post_id, stripslashes($post_message), stripslashes($post_subject));
//
// Add poll
//
if ( ( $mode == 'newtopic' || $mode == 'editpost' ) && !empty($poll_title) && count($poll_options) >= 2 )
{
$sql = ( !$post_data['has_poll'] ) ? "INSERT INTO " . VOTE_DESC_TABLE . " (topic_id, vote_text, vote_start, vote_length) VALUES ($topic_id, '$poll_title', $current_time, " . ( $poll_length * 86400 ) . ")" : "UPDATE " . VOTE_DESC_TABLE . " SET vote_text = '$poll_title', vote_length = " . ( $poll_length * 86400 ) . " WHERE topic_id = $topic_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}
$delete_option_sql = '';
$old_poll_result = array();
if ( $mode == 'editpost' && $post_data['has_poll'] )
{
$sql = "SELECT vote_option_id, vote_result
FROM " . VOTE_RESULTS_TABLE . "
WHERE vote_id = $poll_id
ORDER BY vote_option_id ASC";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain vote data results for this topic', '', __LINE__, __FILE__, $sql);
}
while ( $row = $db->sql_fetchrow($result) )
{
$old_poll_result[$row['vote_option_id']] = $row['vote_result'];
if( !isset($poll_options[$row['vote_option_id']]) )
{
$delete_option_sql .= ( $delete_option_sql != '' ) ? ', ' . $row['vote_option_id'] : $row['vote_option_id'];
}
}
}
else
{
$poll_id = $db->sql_nextid();
}
@reset($poll_options);
$poll_option_id = 1;
while ( list($option_id, $option_text) = each($poll_options) )
{
if( !empty($option_text) )
{
$option_text = str_replace("\'", "''", $option_text);
$poll_result = ( $mode == "editpost" && isset($old_poll_result[$option_id]) ) ? $old_poll_result[$option_id] : 0;
$sql = ( $mode != "editpost" || !isset($old_poll_result[$option_id]) ) ? "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result) VALUES ($poll_id, $poll_option_id, '$option_text', $poll_result)" : "UPDATE " . VOTE_RESULTS_TABLE . " SET vote_option_text = '$option_text', vote_result = $poll_result WHERE vote_option_id = $option_id AND vote_id = $poll_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}
$poll_option_id++;
}
}
if( $delete_option_sql != '' )
{
$sql = "DELETE FROM " . VOTE_RESULTS_TABLE . "
WHERE vote_option_id IN ($delete_option_sql)";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error deleting pruned poll options', '', __LINE__, __FILE__, $sql);
}
}
}
$meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=" . $post_id) . '#' . $post_id . '">';
$message = $lang['Stored'] . '<br /><br />' . sprintf($lang['Click_view_message'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=" . $post_id) . '#' . $post_id . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">', '</a>');
return false;
}
//
// Update post stats and details
//
function update_post_stats(&$mode, &$post_data, &$forum_id, &$topic_id, &$post_id, &$user_id)
{
global $db;
$sign = ( $mode == 'delete' ) ? '- 1' : '+ 1';
$forum_update_sql = "forum_posts = forum_posts $sign";
$topic_update_sql = '';
if ( $mode == 'delete' )
{
if ( $post_data['last_post'] )
{
if ( $post_data['first_post'] )
{
$forum_update_sql .= ', forum_topics = forum_topics - 1';
}
else
{
$topic_update_sql .= "topic_replies = topic_replies - 1";
$sql = "SELECT MAX(post_id) AS post_id
FROM " . POSTS_TABLE . "
WHERE topic_id = $topic_id";
if ( !($db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
}
if ( $row = $db->sql_fetchrow($result) )
{
$topic_update_sql .= ', topic_last_post_id = ' . $row['post_id'];
}
}
if ( $post_data['last_topic'] )
{
$sql = "SELECT MAX(post_id) AS post_id
FROM " . POSTS_TABLE . "
WHERE forum_id = $forum_id";
if ( !($db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
}
if ( $row = $db->sql_fetchrow($result) )
{
$forum_update_sql .= ( $row['post_id'] ) ? ', forum_last_post_id = ' . $row['post_id'] : ', forum_last_post_id = 0';
}
}
}
else if ( $post_data['first_post'] )
{
$sql = "SELECT MIN(post_id) AS post_id
FROM " . POSTS_TABLE . "
WHERE topic_id = $topic_id";
if ( !($db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
}
if ( $row = $db->sql_fetchrow($result) )
{
$topic_update_sql .= 'topic_replies = topic_replies - 1, topic_first_post_id = ' . $row['post_id'];
}
}
else
{
$topic_update_sql .= 'topic_replies = topic_replies - 1';
}
}
else if ( $mode != 'poll_delete' )
{
$forum_update_sql .= ", forum_last_post_id = $post_id" . ( ( $mode == 'newtopic' ) ? ", forum_topics = forum_topics $sign" : "" );
$topic_update_sql = "topic_last_post_id = $post_id" . ( ( $mode == 'reply' ) ? ", topic_replies = topic_replies $sign" : ", topic_first_post_id = $post_id" );
}
else
{
$topic_update_sql .= 'topic_vote = 0';
}
$sql = "UPDATE " . FORUMS_TABLE . " SET
$forum_update_sql
WHERE forum_id = $forum_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}
if ( $topic_update_sql != '' )
{
$sql = "UPDATE " . TOPICS_TABLE . " SET
$topic_update_sql
WHERE topic_id = $topic_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}
}
if ( $mode != 'poll_delete' )
{
$sql = "UPDATE " . USERS_TABLE . "
SET user_posts = user_posts $sign
WHERE user_id = $user_id";
if ( !($result = $db->sql_query($sql, END_TRANSACTION)) )
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}
}
return;
}
//
// Delete a post/poll
//
function delete_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_id, &$post_id, &$poll_id)
{
global $board_config, $lang, $db, $phpbb_root_path, $phpEx;
global $userdata, $user_ip;
include($phpbb_root_path . 'includes/functions_search.'.$phpEx);
$topic_update_sql = '';
if ( $mode != 'poll_delete' )
{
$sql = "DELETE FROM " . POSTS_TABLE . "
WHERE post_id = $post_id";
if ( !($db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . POSTS_TEXT_TABLE . "
WHERE post_id = $post_id";
if ( !($db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . SEARCH_MATCH_TABLE . "
WHERE post_id = $post_id";
if ( !($db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
}
$forum_update_sql = 'forum_posts = forum_posts - 1';
$topic_update_sql .= 'topic_replies = topic_replies - 1';
if ( $post_data['last_post'] )
{
if ( $post_data['first_post'] )
{
$sql = "DELETE FROM " . TOPICS_TABLE . "
WHERE topic_id = $topic_id
OR topic_moved_id = $topic_id";
if ( !($db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
WHERE topic_id = $topic_id";
if ( !($db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
}
}
}
}
if( $mode == 'poll_delete' || ( $mode == 'delete' && $post_data['first_post'] && $post_data['last_post'] ) && $post_data['has_poll'] && $post_data['edit_poll'] )
{
$sql = "DELETE FROM " . VOTE_DESC_TABLE . "
WHERE vote_id = $poll_id";
if ( !($db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . VOTE_RESULTS_TABLE . "
WHERE vote_id = $poll_id";
if ( !($db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . VOTE_USERS_TABLE . "
WHERE vote_id = $poll_id";
if ( !($db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql);
}
}
remove_search_post($post_id);
if ( $mode == 'delete' && $post_data['first_post'] && $post_data['last_post'] )
{
$meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=" . $forum_id) . '">';
$message = $lang['Deleted'];
}
else
{
$meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=" . $topic_id) . '">';
$message = ( ( $mode == "poll_delete" ) ? $lang['Poll_delete'] : $lang['Deleted'] ) . '<br /><br />' . sprintf($lang['Click_return_topic'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id") . '">', '</a>');
}
$message .= '<br /><br />' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">', '</a>');
return;
}
//
// Handle user notification on new post
//
function user_notification($mode, &$post_data, &$forum_id, &$topic_id, &$post_id, &$notify_user)
{
global $board_config, $lang, $db, $phpbb_root_path, $phpEx;
global $userdata, $user_ip;
$current_time = time();
if ( $mode == 'delete' )
{
$delete_sql = ( !$post_data['first_post'] && !$post_data['last_post'] ) ? " AND user_id = " . $userdata['user_id'] : "";
$sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id" . $delete_sql;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not change topic notify data', '', __LINE__, __FILE__, $sql);
}
}
else
{
if ( $mode == 'reply' || $mode == 'newtopic' )
{
$sql = "SELECT ban_userid
FROM " . BANLIST_TABLE;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain banlist', '', __LINE__, __FILE__, $sql);
}
$user_id_sql = '';
while ( $row = $db->sql_fetchrow($result) )
{
if ( isset($row['ban_userid']) )
{
$user_id_sql = ', ' . $row['ban_userid'];
}
}
$sql = "SELECT u.user_id, u.username, u.user_email, u.user_lang, f.forum_name
FROM " . FORUMS_WATCH_TABLE . " w, " . FORUMS_TABLE . " f, " . USERS_TABLE . " u
WHERE w.forum_id = $forum_id
AND w.user_id NOT IN (" . $userdata['user_id'] . ", " . ANONYMOUS . $user_id_sql . " )
AND w.notify_status = " . TOPIC_WATCH_UN_NOTIFIED . "
AND f.forum_id = w.forum_id
AND u.user_id = w.user_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain list of forum watchers', '', __LINE__, __FILE__, $sql);
}
$orig_word = array();
$replacement_word = array();
obtain_word_list($orig_word, $replacement_word);
include($phpbb_root_path . 'includes/emailer.'.$phpEx);
$emailer = new emailer($board_config['smtp_delivery']);
$script_name = preg_replace('/^\/?(.*?)\/?$/', '\1', trim($board_config['script_path']));
$script_name_f = ( $script_name != '' ) ? $script_name . '/viewforum.'.$phpEx : 'viewforum.'.$phpEx;
$server_name = trim($board_config['server_name']);
$server_protocol = ( $board_config['cookie_secure'] ) ? 'https://' : 'http://';
$server_port = ( $board_config['server_port'] <> 80 ) ? ':' . trim($board_config['server_port']) . '/' : '/';
$email_headers = "From: " . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\r\n";
$update_watched_sql = '';
if ( $row = $db->sql_fetchrow($result) )
{
$forum_name = unprepare_message($row['forum_name']);
do
{
if ( $row['user_email'] != '' )
{
$emailer->use_template('forum_notify', $row['user_lang']);
$emailer->email_address($row['user_email']);
$emailer->set_subject();//$lang['Topic_reply_notification']
$emailer->extra_headers($email_headers);
$emailer->assign_vars(array(
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
'USERNAME' => $row['username'],
'SITENAME' => $board_config['sitename'],
'FORUM_NAME' => $forum_name,
'U_FORUM' => $server_protocol . $server_name . $server_port . $script_name_f . '?' . POST_FORUM_URL . "=$forum_id",
'U_STOP_WATCHING_FORUM' => $server_protocol . $server_name . $server_port . $script_name_f . '?' . POST_FORUM_URL . "=$forum_id&unwatch=forum")
);
$emailer->send();
$emailer->reset();
$update_watched_sql .= ( $update_watched_sql != '' ) ? ', ' . $row['user_id'] : $row['user_id'];
}
}
while ( $row = $db->sql_fetchrow($result) );
}
if ( $update_watched_sql != '' )
{
$sql = "UPDATE " . FORUMS_WATCH_TABLE . "
SET notify_status = " . TOPIC_WATCH_NOTIFIED . "
WHERE forum_id = $forum_id
AND user_id IN ($update_watched_sql)";
$db->sql_query($sql);
}
if ( $mode == 'reply' )
{
$sql = "SELECT u.user_id, u.username, u.user_email, u.user_lang, t.topic_title
FROM " . TOPICS_WATCH_TABLE . " tw, " . TOPICS_TABLE . " t, " . USERS_TABLE . " u
WHERE tw.topic_id = $topic_id
AND tw.user_id NOT IN (" . $userdata['user_id'] . ", " . ANONYMOUS . $user_id_sql . " )
AND tw.notify_status = " . TOPIC_WATCH_UN_NOTIFIED . "
AND t.topic_id = tw.topic_id
AND u.user_id = tw.user_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain list of topic watchers', '', __LINE__, __FILE__, $sql);
}
$script_name_t = ( $script_name != '' ) ? $script_name . '/viewtopic.'.$phpEx : 'viewtopic.'.$phpEx;
$email_headers = "From: " . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\r\n";
$update_watched_sql = '';
if ( $row = $db->sql_fetchrow($result) )
{
$topic_title = preg_replace($orig_word, $replacement_word, unprepare_message($row['topic_title']));
do
{
if ( $row['user_email'] != '' )
{
$emailer->use_template('topic_notify', $row['user_lang']);
$emailer->email_address($row['user_email']);
$emailer->set_subject();//$lang['Topic_reply_notification']
$emailer->extra_headers($email_headers);
$emailer->assign_vars(array(
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
'USERNAME' => $row['username'],
'SITENAME' => $board_config['sitename'],
'TOPIC_TITLE' => $topic_title,
'U_TOPIC' => $server_protocol . $server_name . $server_port . $script_name_t . '?' . POST_POST_URL . "=$post_id#$post_id",
'U_STOP_WATCHING_TOPIC' => $server_protocol . $server_name . $server_port . $script_name_t . '?' . POST_TOPIC_URL . "=$topic_id&unwatch=topic")
);
$emailer->send();
$emailer->reset();
$update_watched_sql .= ( $update_watched_sql != '' ) ? ', ' . $row['user_id'] : $row['user_id'];
}
}
while ( $row = $db->sql_fetchrow($result) );
}
if ( $update_watched_sql != '' )
{
$sql = "UPDATE " . TOPICS_WATCH_TABLE . "
SET notify_status = " . TOPIC_WATCH_NOTIFIED . "
WHERE topic_id = $topic_id
AND user_id IN ($update_watched_sql)";
$db->sql_query($sql);
}
}
}
$sql = "SELECT topic_id
FROM " . TOPICS_WATCH_TABLE . "
WHERE topic_id = $topic_id
AND user_id = " . $userdata['user_id'];
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain topic watch information', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
if ( !$notify_user && !empty($row['topic_id']) )
{
$sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
WHERE topic_id = $topic_id
AND user_id = " . $userdata['user_id'];
if ( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete topic watch information', '', __LINE__, __FILE__, $sql);
}
}
else if ( $notify_user && empty($row['topic_id']) )
{
$sql = "INSERT INTO " . TOPICS_WATCH_TABLE . " (user_id, topic_id, notify_status)
VALUES (" . $userdata['user_id'] . ", $topic_id, 0)";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not insert topic watch information', '', __LINE__, __FILE__, $sql);
}
}
}
}
//
// Fill smiley templates (or just the variables) with smileys
// Either in a window or inline
//
function generate_smilies($mode, $page_id)
{
global $db, $board_config, $template, $lang, $images, $theme, $phpEx, $phpbb_root_path;
global $user_ip, $session_length, $starttime;
global $userdata;
$inline_columns = 4;
$inline_rows = 5;
$window_columns = 8;
if ( $mode == 'window' )
{
$userdata = session_pagestart($user_ip, $page_id);
init_userprefs($userdata);
$gen_simple_header = TRUE;
$page_title = $lang['Review_topic'] . " - $topic_title";
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
$template->set_filenames(array(
'smiliesbody' => 'posting_smilies.tpl')
);
}
$sql = "SELECT emoticon, code, smile_url
FROM " . SMILIES_TABLE . "
ORDER BY smilies_id";
if ( $result = $db->sql_query($sql) )
{
$num_smilies = 0;
$rowset = array();
while ( $row = $db->sql_fetchrow($result) )
{
if ( empty($rowset[$row['smile_url']]) )
{
$rowset[$row['smile_url']]['code'] = str_replace('\\', '\\\\', str_replace("'", "\\'", $row['code']));
$rowset[$row['smile_url']]['emoticon'] = $row['emoticon'];
$num_smilies++;
}
}
if ( $num_smilies )
{
$smilies_count = ( $mode == 'inline' ) ? min(19, $num_smilies) : $num_smilies;
$smilies_split_row = ( $mode == 'inline' ) ? $inline_columns - 1 : $window_columns - 1;
$s_colspan = 0;
$row = 0;
$col = 0;
while ( list($smile_url, $data) = @each($rowset) )
{
if ( !$col )
{
$template->assign_block_vars('smilies_row', array());
}
$template->assign_block_vars('smilies_row.smilies_col', array(
'SMILEY_CODE' => $data['code'],
'SMILEY_IMG' => $board_config['smilies_path'] . '/' . $smile_url,
'SMILEY_DESC' => $data['emoticon'])
);
$s_colspan = max($s_colspan, $col + 1);
if ( $col == $smilies_split_row )
{
if ( $mode == 'inline' && $row == $inline_rows - 1 )
{
break;
}
$col = 0;
$row++;
}
else
{
$col++;
}
}
if ( $mode == 'inline' && $num_smilies > $inline_rows * $inline_columns )
{
$template->assign_block_vars('switch_smilies_extra', array());
$template->assign_vars(array(
'L_MORE_SMILIES' => $lang['More_emoticons'],
'U_MORE_SMILIES' => append_sid("posting.$phpEx?mode=smilies"))
);
}
$template->assign_vars(array(
'L_EMOTICONS' => $lang['Emoticons'],
'L_CLOSE_WINDOW' => $lang['Close_window'],
'S_SMILIES_COLSPAN' => $s_colspan)
);
}
}
if ( $mode == 'window' )
{
$template->pparse('smiliesbody');
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
}
?>


@ -1,498 +0,0 @@
<?php
/***************************************************************************
* functions_search.php
* -------------------
* begin : Wed Sep 05 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id$
*
****************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
function clean_words($mode, &$entry, &$stopword_list, &$synonym_list)
{
// Weird, $init_match doesn't work with static when double quotes (") are used...
static $drop_char_match = array('^', '$', '&', '(', ')', '<', '>', '`', '\'', '"', '|', ',', '@', '_', '?', '%', '-', '~', '+', '.', '[', ']', '{', '}', ':', '\\', '/', '=', '#', '\'', ';', '!');
static $drop_char_replace = array(' ', ' ', ' ', ' ', ' ', ' ', ' ', '', '', ' ', ' ', ' ', ' ', '', ' ', ' ', '', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ' , ' ', ' ', ' ', ' ', ' ', ' ');
$entry = ' ' . strip_tags(strtolower($entry)) . ' ';
if ( $mode == 'post' )
{
// Replace line endings by a space
$entry = preg_replace('/[\n\r]/is', ' ', $entry);
// HTML entities like &nbsp;
$entry = preg_replace('/\b&[a-z]+;\b/', ' ', $entry);
// Remove URL's
$entry = preg_replace('/\b[a-z0-9]+:\/\/[a-z0-9\.\-]+(\/[a-z0-9\?\.%_\-\+=&\/]+)?/', ' ', $entry);
// Quickly remove BBcode.
$entry = preg_replace('/\[img:[a-z0-9]{10,}\].*?\[\/img:[a-z0-9]{10,}\]/', ' ', $entry);
$entry = preg_replace('/\[\/?url(=.*?)?\]/', ' ', $entry);
$entry = preg_replace('/\[\/?[a-z\*=\+\-]+(\:?[0-9a-z]+)?:[a-z0-9]{10,}(\:[a-z0-9]+)?=?.*?\]/', ' ', $entry);
}
else if ( $mode == 'search' )
{
$entry = str_replace('+', ' and ', $entry);
$entry = str_replace('-', ' not ', $entry);
}
// Replace numbers on their own
$entry = preg_replace('/\b[0-9]+\b/', ' ', $entry);
//
// Filter out strange characters like ^, $, &, change "it's" to "its"
//
for($i = 0; $i < count($drop_char_match); $i++)
{
$entry = str_replace($drop_char_match[$i], $drop_char_replace[$i], $entry);
}
if ( $mode == 'post' )
{
$entry = str_replace('*', ' ', $entry);
// 'words' that consist of <=3 or >=25 characters are removed.
$entry = preg_replace('/\b([a-z0-9]{1,3}|[a-z0-9]{20,})\b/',' ', $entry);
}
if ( !empty($stopword_list) )
{
for ($j = 0; $j < count($stopword_list); $j++)
{
$stopword = trim($stopword_list[$j]);
if ( $mode == 'post' || ( $stopword != 'not' && $stopword != 'and' && $stopword != 'or' ) )
{
$entry = preg_replace('#\b' . preg_quote($stopword) . '\b#', ' ', $entry);
}
}
}
if ( !empty($synonym_list) )
{
for ($j = 0; $j < count($synonym_list); $j++)
{
list($replace_synonym, $match_synonym) = split(' ', trim(strtolower($synonym_list[$j])));
if ( $mode == 'post' || ( $match_synonym != 'not' && $match_synonym != 'and' && $match_synonym != 'or' ) )
{
$entry = preg_replace('#\b' . trim($match_synonym) . '\b#', ' ' . trim($replace_synonym) . ' ', $entry);
}
}
}
return $entry;
}
function split_words(&$entry, $mode = 'post')
{
if ( $mode == 'post' )
{
preg_match_all("/\b(\w[\w']*\w+|\w+?)\b/", $entry, $split_entries);
}
else
{
preg_match_all('/(\*?[a-z0-9]+\*?)|\b([a-z0-9]+)\b/', $entry, $split_entries);
}
return $split_entries[1];
}
function add_search_words($post_id, $post_text, $post_title = '')
{
global $db, $phpbb_root_path, $board_config, $lang;
$stopwords_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_stopwords.txt");
$synonym_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_synonyms.txt");
$search_raw_words = array();
$search_raw_words['text'] = split_words(clean_words('post', $post_text, $stopword_array, $synonym_array));
$search_raw_words['title'] = split_words(clean_words('post', $post_title, $stopword_array, $synonym_array));
$word = array();
$word_insert_sql = array();
while ( list($word_in, $search_matches) = @each($search_raw_words) )
{
$word_insert_sql[$word_in] = '';
if ( !empty($search_matches) )
{
for ($i = 0; $i < count($search_matches); $i++)
{
$search_matches[$i] = trim($search_matches[$i]);
if( $search_matches[$i] != '' )
{
$word[] = $search_matches[$i];
if ( !strstr($word_insert_sql[$word_in], "'" . $search_matches[$i] . "'") )
{
$word_insert_sql[$word_in] .= ( $word_insert_sql[$word_in] != "" ) ? ", '" . $search_matches[$i] . "'" : "'" . $search_matches[$i] . "'";
}
}
}
}
}
if ( count($word) )
{
sort($word);
$prev_word = '';
$word_text_sql = '';
$temp_word = array();
for($i = 0; $i < count($word); $i++)
{
if ( $word[$i] != $prev_word )
{
$temp_word[] = $word[$i];
$word_text_sql .= ( ( $word_text_sql != '' ) ? ', ' : '' ) . "'" . $word[$i] . "'";
}
$prev_word = $word[$i];
}
$word = $temp_word;
$check_words = array();
switch( SQL_LAYER )
{
case 'postgresql':
case 'msaccess':
case 'mssql-odbc':
case 'oracle':
case 'db2':
$sql = "SELECT word_id, word_text
FROM " . SEARCH_WORD_TABLE . "
WHERE word_text IN ($word_text_sql)";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not select words', '', __LINE__, __FILE__, $sql);
}
while ( $row = $db->sql_fetchrow($result) )
{
$check_words[$row['word_text']] = $row['word_id'];
}
break;
}
$value_sql = '';
$match_word = array();
for ($i = 0; $i < count($word); $i++)
{
$new_match = true;
if ( isset($check_words[$word[$i]]) )
{
$new_match = false;
}
if ( $new_match )
{
switch( SQL_LAYER )
{
case 'mysql':
case 'mysql4':
$value_sql .= ( ( $value_sql != '' ) ? ', ' : '' ) . '(\'' . $word[$i] . '\')';
break;
case 'mssql':
$value_sql .= ( ( $value_sql != '' ) ? ' UNION ALL ' : '' ) . "SELECT '" . $word[$i] . "'";
break;
default:
$sql = "INSERT INTO " . SEARCH_WORD_TABLE . " (word_text)
VALUES ('" . $word[$i] . "')";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not insert new word', '', __LINE__, __FILE__, $sql);
}
break;
}
}
}
if ( $value_sql != '' )
{
switch ( SQL_LAYER )
{
case 'mysql':
case 'mysql4':
$sql = "INSERT IGNORE INTO " . SEARCH_WORD_TABLE . " (word_text)
VALUES $value_sql";
break;
case 'mssql':
$sql = "INSERT INTO " . SEARCH_WORD_TABLE . " (word_text)
$value_sql";
break;
}
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not insert new word', '', __LINE__, __FILE__, $sql);
}
}
}
while( list($word_in, $match_sql) = @each($word_insert_sql) )
{
$title_match = ( $word_in == 'title' ) ? 1 : 0;
if ( $match_sql != '' )
{
$sql = "INSERT INTO " . SEARCH_MATCH_TABLE . " (post_id, word_id, title_match)
SELECT $post_id, word_id, $title_match
FROM " . SEARCH_WORD_TABLE . "
WHERE word_text IN ($match_sql)";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not insert new word matches', '', __LINE__, __FILE__, $sql);
}
}
}
if ( $mode == 'single' )
{
remove_common('single', 0.4, $word);
}
return;
}
//
// Check if specified words are too common now
//
function remove_common($mode, $fraction, $word_id_list = array())
{
global $db;
$sql = ( $mode == 'global' ) ? "SELECT COUNT(post_id) AS total_posts FROM " . SEARCH_MATCH_TABLE . " GROUP BY post_id" : "SELECT SUM(forum_posts) AS total_posts FROM " . FORUMS_TABLE;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain post count', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
if ( $row['total_posts'] >= 100 )
{
$common_threshold = floor($row['total_posts'] * $fraction);
if ( $mode == 'single' && count($word_id_list) )
{
$word_id_sql = '';
for($i = 0; $i < count($word_id_list); $i++)
{
$word_id_sql .= ( ( $word_id_sql != '' ) ? ', ' : '' ) . "'" . $word_id_list[$i] . "'";
}
$sql = "SELECT m.word_id
FROM " . SEARCH_MATCH_TABLE . " m, " . SEARCH_WORD_TABLE . " w
WHERE w.word_text IN ($word_id_sql)
AND m.word_id = w.word_id
GROUP BY m.word_id
HAVING COUNT(m.word_id) > $common_threshold";
}
else
{
$sql = "SELECT word_id
FROM " . SEARCH_MATCH_TABLE . "
GROUP BY word_id
HAVING COUNT(word_id) > $common_threshold";
}
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain common word list', '', __LINE__, __FILE__, $sql);
}
$common_word_id = '';
while ( $row = $db->sql_fetchrow($result) )
{
$common_word_id .= ( ( $common_word_id != '' ) ? ', ' : '' ) . $row['word_id'];
}
$db->sql_freeresult($result);
if ( $common_word_id != '' )
{
$sql = "UPDATE " . SEARCH_WORD_TABLE . "
SET word_common = " . TRUE . "
WHERE word_id IN ($common_word_id)";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete word list entry', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . SEARCH_MATCH_TABLE . "
WHERE word_id IN ($common_word_id)";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete word match entry', '', __LINE__, __FILE__, $sql);
}
}
}
return $word_count;
}
function remove_search_post($post_id_sql)
{
global $db;
$words_removed = false;
switch ( SQL_LAYER )
{
case 'mysql':
case 'mysql4':
$sql = "SELECT word_id
FROM " . SEARCH_MATCH_TABLE . "
WHERE post_id IN ($post_id_sql)
GROUP BY word_id";
if ( $result = $db->sql_query($sql) )
{
$word_id_sql = '';
while ( $row = $db->sql_fetchrow($result) )
{
$word_id_sql .= ( $word_id_sql != '' ) ? ', ' . $row['word_id'] : $row['word_id'];
}
$sql = "SELECT word_id
FROM " . SEARCH_MATCH_TABLE . "
WHERE word_id IN ($word_id_sql)
GROUP BY word_id
HAVING COUNT(word_id) = 1";
if ( $result = $db->sql_query($sql) )
{
$word_id_sql = '';
while ( $row = $db->sql_fetchrow($result) )
{
$word_id_sql .= ( $word_id_sql != '' ) ? ', ' . $row['word_id'] : $row['word_id'];
}
if ( $word_id_sql != '' )
{
$sql = "DELETE FROM " . SEARCH_WORD_TABLE . "
WHERE word_id IN ($word_id_sql)";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete word list entry', '', __LINE__, __FILE__, $sql);
}
$words_removed = $db->sql_affectedrows();
}
}
}
break;
default:
$sql = "DELETE FROM " . SEARCH_WORD_TABLE . "
WHERE word_id IN (
SELECT word_id
FROM " . SEARCH_MATCH_TABLE . "
WHERE word_id IN (
SELECT word_id
FROM " . SEARCH_MATCH_TABLE . "
WHERE post_id IN ($post_id_sql)
GROUP BY word_id
)
GROUP BY word_id
HAVING COUNT(word_id) = 1
)";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete old words from word table', '', __LINE__, __FILE__, $sql);
}
$words_removed = $db->sql_affectedrows();
break;
}
$sql = "DELETE FROM " . SEARCH_MATCH_TABLE . "
WHERE post_id IN ($post_id_sql)";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
}
return $words_removed;
}
//
// Username search
//
function username_search($search_match)
{
global $db, $board_config, $template, $lang, $images, $theme, $phpEx, $phpbb_root_path;
global $starttime, $gen_simple_header;
$gen_simple_header = TRUE;
$username_list = '';
if ( !empty($search_match) )
{
$username_search = preg_replace('/\*/', '%', trim(strip_tags($search_match)));
$sql = "SELECT username
FROM " . USERS_TABLE . "
WHERE username LIKE '" . str_replace("\'", "''", $username_search) . "'
ORDER BY username";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain search results', '', __LINE__, __FILE__, $sql);
}
if ( $row = $db->sql_fetchrow($result) )
{
do
{
$username_list .= '<option value="' . $row['username'] . '">' . $row['username'] . '</option>';
}
while ( $row = $db->sql_fetchrow($result) );
}
else
{
$username_list .= '<option>' . $lang['No_match']. '</option>';
}
$db->sql_freeresult($result);
}
$page_title = $lang['Search'];
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
$template->set_filenames(array(
'search_user_body' => 'search_username.tpl')
);
$template->assign_vars(array(
'USERNAME' => ( !empty($search_match) ) ? $search_match : '',
'L_CLOSE_WINDOW' => $lang['Close_window'],
'L_SEARCH_USERNAME' => $lang['Find_username'],
'L_UPDATE_USERNAME' => $lang['Select_username'],
'L_SELECT' => $lang['Select'],
'L_SEARCH' => $lang['Search'],
'L_SEARCH_EXPLAIN' => $lang['Search_author_explain'],
'L_CLOSE_WINDOW' => $lang['Close_window'],
'S_USERNAME_OPTIONS' => $username_list,
'S_SEARCH_ACTION' => append_sid("search.$phpEx?mode=searchuser"))
);
if ( $username_list != '' )
{
$template->assign_block_vars('switch_select_name', array());
}
$template->pparse('search_user_body');
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
return;
}
?>


@ -1,111 +0,0 @@
<?php
/***************************************************************************
* function_selects.php
* -------------------
* begin : Saturday, Feb 13, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id$
*
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
*
***************************************************************************/
//
// Pick a language, any language ...
//
function language_select($default, $select_name = "language", $dirname="language")
{
global $phpEx;
$dir = opendir($dirname);
$lang = array();
while ( $file = readdir($dir) )
{
if ( ereg("^lang_", $file) && !is_file($dirname . "/" . $file) && !is_link($dirname . "/" . $file) )
{
$filename = trim(str_replace("lang_", "", $file));
$displayname = preg_replace("/^(.*?)_(.*)$/", "\\1 [ \\2 ]", $filename);
$displayname = preg_replace("/\[(.*?)_(.*)\]/", "[ \\1 - \\2 ]", $displayname);
$lang[$displayname] = $filename;
}
}
closedir($dir);
@asort($lang);
@reset($lang);
$lang_select = '<select name="' . $select_name . '">';
while ( list($displayname, $filename) = @each($lang) )
{
$selected = ( strtolower($default) == strtolower($filename) ) ? ' selected="selected"' : '';
$lang_select .= '<option value="' . $filename . '"' . $selected . '>' . ucwords($displayname) . '</option>';
}
$lang_select .= '</select>';
return $lang_select;
}
//
// Pick a template/theme combo,
//
function style_select($default_style, $select_name = "style", $dirname = "templates")
{
global $db;
$sql = "SELECT themes_id, style_name
FROM " . THEMES_TABLE . "
ORDER BY template_name, themes_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Couldn't query themes table", "", __LINE__, __FILE__, $sql);
}
$style_select = '<select name="' . $select_name . '">';
while ( $row = $db->sql_fetchrow($result) )
{
$selected = ( $row['themes_id'] == $default_style ) ? ' selected="selected"' : '';
$style_select .= '<option value="' . $row['themes_id'] . '"' . $selected . '>' . $row['style_name'] . '</option>';
}
$style_select .= "</select>";
return $style_select;
}
//
// Pick a timezone
//
function tz_select($default, $select_name = 'timezone')
{
global $sys_timezone, $lang;
if ( !isset($default) )
{
$default == $sys_timezone;
}
$tz_select = '<select name="' . $select_name . '">';
while( list($offset, $zone) = @each($lang['tz']) )
{
$selected = ( $offset == $default ) ? ' selected="selected"' : '';
$tz_select .= '<option value="' . $offset . '"' . $selected . '>' . $zone . '</option>';
}
$tz_select .= '</select>';
return $tz_select;
}
?>


@ -1,159 +0,0 @@
<?php
/***************************************************************************
* prune.php
* -------------------
* begin : Thursday, June 14, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id$
*
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
}
require($phpbb_root_path . 'includes/functions_search.'.$phpEx);
function prune($forum_id, $prune_date)
{
global $db, $lang;
//
// Those without polls ...
//
$sql = "SELECT t.topic_id
FROM " . POSTS_TABLE . " p, " . TOPICS_TABLE . " t
WHERE t.forum_id = $forum_id
AND t.topic_vote = 0
AND t.topic_type <> " . POST_ANNOUNCE . "
AND ( p.post_id = t.topic_last_post_id
OR t.topic_last_post_id = 0 )";
if ( $prune_date != '' )
{
$sql .= " AND p.post_time < $prune_date";
}
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain lists of topics to prune', '', __LINE__, __FILE__, $sql);
}
$sql_topics = '';
while( $row = $db->sql_fetchrow($result) )
{
$sql_topics .= ( ( $sql_topics != '' ) ? ', ' : '' ) . $row['topic_id'];
}
if( $sql_topics != '' )
{
$sql = "SELECT post_id
FROM " . POSTS_TABLE . "
WHERE forum_id = $forum_id
AND topic_id IN ($sql_topics)";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain list of posts to prune', '', __LINE__, __FILE__, $sql);
}
$sql_post = '';
while ( $row = $db->sql_fetchrow($result) )
{
$sql_post .= ( ( $sql_post != '' ) ? ', ' : '' ) . $row['post_id'];
}
if ( $sql_post != '' )
{
$sql = "DELETE FROM " . TOPICS_TABLE . "
WHERE topic_id IN ($sql_topics)";
if ( !$db->sql_query($sql, BEGIN_TRANSACTION) )
{
message_die(GENERAL_ERROR, 'Could not delete topics during prune', '', __LINE__, __FILE__, $sql);
}
$pruned_topics = $db->sql_affectedrows();
$sql = "DELETE FROM " . POSTS_TABLE . "
WHERE post_id IN ($sql_post)";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete post_text during prune', '', __LINE__, __FILE__, $sql);
}
$pruned_posts = $db->sql_affectedrows();
$sql = "DELETE FROM " . POSTS_TEXT_TABLE . "
WHERE post_id IN ($sql_post)";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete post during prune', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . SEARCH_MATCH_TABLE . "
WHERE post_id IN ($sql_post)";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete search matches', '', __LINE__, __FILE__, $sql);
}
remove_search_post($sql_post);
return array ('topics' => $pruned_topics, 'posts' => $pruned_posts);
}
}
return array('topics' => 0, 'posts' => 0);
}
//
// Function auto_prune(), this function will read the configuration data from
// the auto_prune table and call the prune function with the necessary info.
//
function auto_prune($forum_id = 0)
{
global $db, $lang;
$sql = "SELECT *
FROM " . PRUNE_TABLE . "
WHERE forum_id = $forum_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not read auto_prune table', '', __LINE__, __FILE__, $sql);
}
if ( $row = $db->sql_fetchrow($result) )
{
if ( $row['prune_freq'] && $row['prune_days'] )
{
$prune_date = time() - ( $row['prune_days'] * 86400 );
$next_prune = time() + ( $row['prune_freq'] * 86400 );
prune($forum_id, $prune_date);
sync('forum', $forum_id);
$sql = "UPDATE " . FORUMS_TABLE . "
SET prune_next = $next_prune
WHERE forum_id = $forum_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update forum table', '', __LINE__, __FILE__, $sql);
}
}
}
return;
}
?>


@ -1,403 +0,0 @@
<?php
/***************************************************************************
* sessions.php
* -------------------
* begin : Saturday, Feb 13, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id$
*
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
{
die('Hacking attempt');
exit;
}
function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0)
{
global $db, $board_config;
global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;
$cookiename = $board_config['cookie_name'];
$cookiepath = $board_config['cookie_path'];
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];
$SID = '?sid=';
if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) )
{
$session_id = isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : '';
$sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : '';
$sessionmethod = SESSION_METHOD_COOKIE;
}
else
{
$sessiondata = '';
$session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
$sessionmethod = SESSION_METHOD_GET;
}
$last_visit = 0;
$current_time = time();
$expiry_time = $current_time - $board_config['session_length'];
//
// Try and pull the last time stored in a cookie, if it exists
//
$sql = "SELECT *
FROM " . USERS_TABLE . "
WHERE user_id = $user_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Could not obtain lastvisit data from user table', '', __LINE__, __FILE__, $sql);
}
$userdata = $db->sql_fetchrow($result);
if ( $user_id != ANONYMOUS )
{
$auto_login_key = $userdata['user_password'];
if ( $auto_create )
{
if ( isset($sessiondata['autologinid']) && $userdata['user_active'] )
{
// We have to login automagically
if( $sessiondata['autologinid'] == $auto_login_key )
{
// autologinid matches password
$login = 1;
$enable_autologin = 1;
}
else
{
// No match; don't login, set as anonymous user
$login = 0;
$enable_autologin = 0;
$user_id = ANONYMOUS;
}
}
else
{
// Autologin is not set. Don't login, set as anonymous user
$login = 0;
$enable_autologin = 0;
$user_id = ANONYMOUS;
}
}
else
{
$login = 1;
}
}
else
{
$login = 0;
$enable_autologin = 0;
}
//
// Initial ban check against user id, IP and email address
//
$user_ip_parts = explode('.', $user_ip);
$sql = "SELECT ban_ip, ban_userid, ban_email
FROM " . BANLIST_TABLE . "
WHERE ban_ip IN ('" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . $user_ip_parts[4] . "', '" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . ".256', '" . $user_ip_parts[1] . $user_ip_parts[2] . ".256.256', '" . $user_ip_parts[1] . "256.256.256')
OR ban_userid = $user_id";
if ( $user_id != ANONYMOUS )
{
$sql .= " OR ban_email LIKE '" . str_replace("\'", "''", $row['user_email']) . "'
OR ban_email LIKE '" . substr(str_replace("\'", "''", $row['user_email']), strpos(str_replace("\'", "''", $row['user_email']), "@")) . "'";
}
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Could not obtain ban information', '', __LINE__, __FILE__, $sql);
}
if ( $ban_info = $db->sql_fetchrow($result) )
{
if ( $ban_info['ban_ip'] || $ban_info['ban_userid'] || $ban_info['ban_email'] )
{
message_die(CRITICAL_MESSAGE, 'You_been_banned');
}
}
//
// Create or update the session
//
$sql = "UPDATE " . SESSIONS_TABLE . "
SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login
WHERE session_id = '" . $session_id . "'";
if ( !$db->sql_query($sql) || !$db->sql_affectedrows() )
{
$session_id = md5(uniqid($user_ip));
$sql = "INSERT INTO " . SESSIONS_TABLE . "
(session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in)
VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login)";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql);
}
}
if ( $user_id != ANONYMOUS )
{
$last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time;
$sql = "UPDATE " . USERS_TABLE . "
SET user_session_time = $current_time, user_session_page = $page_id, user_lastvisit = $last_visit
WHERE user_id = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql);
}
$userdata['user_lastvisit'] = $last_visit;
$sessiondata['autologinid'] = ( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : '';
$sessiondata['userid'] = $user_id;
}
$userdata['session_id'] = $session_id;
$userdata['session_ip'] = $user_ip;
$userdata['session_user_id'] = $user_id;
$userdata['session_logged_in'] = $login;
$userdata['session_page'] = $page_id;
$userdata['session_start'] = $current_time;
$userdata['session_time'] = $current_time;
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
$SID .= ( $sessionmethod == SESSION_METHOD_GET ) ? $session_id : '';
return $userdata;
}
//
// Checks for a given user session, tidies session table and updates user
// sessions at each page refresh
//
function session_pagestart($user_ip, $thispage_id)
{
global $db, $lang, $board_config;
global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;
unset($userdata);
$cookiename = $board_config['cookie_name'];
$cookiepath = $board_config['cookie_path'];
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];
$SID = '?sid=';
$current_time = time();
if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) )
{
$sessiondata = isset( $HTTP_COOKIE_VARS[$cookiename . '_data'] ) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : '';
$session_id = isset( $HTTP_COOKIE_VARS[$cookiename . '_sid'] ) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : '';
$sessionmethod = SESSION_METHOD_COOKIE;
}
else
{
$session_data = '';
$session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
$sessionmethod = SESSION_METHOD_GET;
}
//
// Does a session exist?
//
if ( !empty($session_id) )
{
//
// session_id exists so go ahead and attempt to grab all
// data in preparation
//
$sql = "SELECT u.*, s.*
FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u
WHERE s.session_id = '$session_id'
AND u.user_id = s.session_user_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
}
$userdata = $db->sql_fetchrow($result);
//
// Did the session exist in the DB?
//
if ( isset($userdata['user_id']) )
{
$SID .= ( $sessionmethod == SESSION_METHOD_GET ) ? $session_id : '';
//
// Only update session DB a minute or so after last update
//
if ( $current_time - $userdata['session_time'] > 60 || $userdata['session_page'] != $thispage_id )
{
$sql = "UPDATE " . SESSIONS_TABLE . "
SET session_time = $current_time, session_page = $thispage_id
WHERE session_id = '" . $userdata['session_id'] . "'";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql);
}
if ( $current_time - $board_config['session_gc'] > $board_config['session_last_gc'] )
{
session_gc($session_id, $current_time);
}
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
}
return $userdata;
}
}
//
// If we reach here then no (valid) session exists. So we'll create a new one,
// using the cookie user_id if available to pull basic user prefs.
//
$user_id = ( isset($sessiondata['userid']) ) ? $sessiondata['userid'] : ANONYMOUS;
if ( !($userdata = session_begin($user_id, $user_ip, $thispage_id, TRUE)) )
{
message_die(CRITICAL_ERROR, 'Error creating user session', '', __LINE__, __FILE__, $sql);
}
return $userdata;
}
//
// session_end closes out a session deleting the corresponding entry
// in the sessions table
//
function session_end($session_id, $user_id)
{
global $db, $lang, $board_config;
global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;
$cookiename = $board_config['cookie_name'];
$cookiepath = $board_config['cookie_path'];
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];
$SID = '?sid=';
//
// Pull cookiedata or grab the URI propagated sid
//
if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) )
{
$session_id = isset( $HTTP_COOKIE_VARS[$cookiename . '_sid'] ) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : '';
}
else
{
$session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
}
//
// Delete existing session
//
$sql = "DELETE FROM " . SESSIONS_TABLE . "
WHERE session_id = '$session_id'
AND session_user_id = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql);
}
setcookie($cookiename . '_data', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);
return true;
}
function session_gc($session_id, $current_time)
{
global $db, $board_config;
$sql = "SELECT *
FROM " . SESSIONS_TABLE . "
WHERE session_time < " . ( $current_time - $board_config['session_length'] );
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Could not obtain expired session list', '', __LINE__, __FILE__, $sql);
}
$del_session_id = '';
while ( $row = $db->sql_fetchrow($result) )
{
if ( $row['session_logged_in'] )
{
$sql = "UPDATE " . USERS_TABLE . "
SET user_lastvisit = " . $row['session_time'] . ", user_session_page = " . $row['session_page'] . "
WHERE user_id = " . $row['session_user_id'];
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Could not update user session info', '', __LINE__, __FILE__, $sql);
}
}
$del_session_id .= ( ( $del_session_id != '' ) ? ', ' : '' ) . '\'' . $row['session_id'] . '\'';
}
if ( $del_session_id != '' )
{
//
// Delete expired sessions
//
$sql = "DELETE FROM " . SESSIONS_TABLE . "
WHERE session_id IN ($del_session_id)";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql);
}
}
$sql = "UPDATE " . CONFIG_TABLE . "
SET config_value = '$current_time'
WHERE config_name = 'session_last_gc'";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Could not update session gc time', '', __LINE__, __FILE__, $sql);
}
return;
}
//
// Append $SID to a url. Borrowed from phplib and modified.
//
// This routine is doomed I think, instead we just set a URL$SID for
// appropriate URLs rather than this append stuff. For the time being
// this change will break URL based session propagation
//
function append_sid($url, $non_html_amp = false)
{
global $SID;
return $url;
}
?>


@ -1,192 +0,0 @@
<?php
/***************************************************************************
* sql_parse.php
* -------------------
* begin : Thu May 31, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id$
*
****************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
/***************************************************************************
*
* These functions are mainly for use in the db_utilities under the admin
* however in order to make these functions available elsewhere, specifically
* in the installation phase of phpBB I have seperated out a couple of
* functions into this file. JLH
*
\***************************************************************************/
//
// remove_comments will strip the sql comment lines out of an uploaded sql file
// specifically for mssql and postgres type files in the install....
//
function remove_comments(&$output)
{
$lines = explode("\n", $output);
$output = "";
// try to keep mem. use down
$linecount = count($lines);
$in_comment = false;
for($i = 0; $i < $linecount; $i++)
{
if( preg_match("/^\/\*/", preg_quote($lines[$i])) )
{
$in_comment = true;
}
if( !$in_comment )
{
$output .= $lines[$i] . "\n";
}
if( preg_match("/\*\/$/", preg_quote($lines[$i])) )
{
$in_comment = false;
}
}
unset($lines);
return $output;
}
//
// remove_remarks will strip the sql comment lines out of an uploaded sql file
//
function remove_remarks($sql)
{
$lines = explode("\n", $sql);
// try to keep mem. use down
$sql = "";
$linecount = count($lines);
$output = "";
for ($i = 0; $i < $linecount; $i++)
{
if (($i != ($linecount - 1)) || (strlen($lines[$i]) > 0))
{
if ($lines[$i][0] != "#")
{
$output .= $lines[$i] . "\n";
}
else
{
$output .= "\n";
}
// Trading a bit of speed for lower mem. use here.
$lines[$i] = "";
}
}
return $output;
}
//
// split_sql_file will split an uploaded sql file into single sql statements.
// Note: expects trim() to have already been run on $sql.
//
function split_sql_file($sql, $delimiter)
{
// Split up our string into "possible" SQL statements.
$tokens = explode($delimiter, $sql);
// try to save mem.
$sql = "";
$output = array();
// we don't actually care about the matches preg gives us.
$matches = array();
// this is faster than calling count($oktens) every time thru the loop.
$token_count = count($tokens);
for ($i = 0; $i < $token_count; $i++)
{
// Don't wanna add an empty string as the last thing in the array.
if (($i != ($token_count - 1)) || (strlen($tokens[$i] > 0)))
{
// This is the total number of single quotes in the token.
$total_quotes = preg_match_all("/'/", $tokens[$i], $matches);
// Counts single quotes that are preceded by an odd number of backslashes,
// which means they're escaped quotes.
$escaped_quotes = preg_match_all("/(?<!\\\\)(\\\\\\\\)*\\\\'/", $tokens[$i], $matches);
$unescaped_quotes = $total_quotes - $escaped_quotes;
// If the number of unescaped quotes is even, then the delimiter did NOT occur inside a string literal.
if (($unescaped_quotes % 2) == 0)
{
// It's a complete sql statement.
$output[] = $tokens[$i];
// save memory.
$tokens[$i] = "";
}
else
{
// incomplete sql statement. keep adding tokens until we have a complete one.
// $temp will hold what we have so far.
$temp = $tokens[$i] . $delimiter;
// save memory..
$tokens[$i] = "";
// Do we have a complete statement yet?
$complete_stmt = false;
for ($j = $i + 1; (!$complete_stmt && ($j < $token_count)); $j++)
{
// This is the total number of single quotes in the token.
$total_quotes = preg_match_all("/'/", $tokens[$j], $matches);
// Counts single quotes that are preceded by an odd number of backslashes,
// which means they're escaped quotes.
$escaped_quotes = preg_match_all("/(?<!\\\\)(\\\\\\\\)*\\\\'/", $tokens[$j], $matches);
$unescaped_quotes = $total_quotes - $escaped_quotes;
if (($unescaped_quotes % 2) == 1)
{
// odd number of unescaped quotes. In combination with the previous incomplete
// statement(s), we now have a complete statement. (2 odds always make an even)
$output[] = $temp . $tokens[$j];
// save memory.
$tokens[$j] = "";
$temp = "";
// exit the loop.
$complete_stmt = true;
// make sure the outer loop continues at the right point.
$i = $j;
}
else
{
// even number of unescaped quotes. We still don't have a complete statement.
// (1 odd and 1 even always make an odd)
$temp .= $tokens[$j] . $delimiter;
// save memory.
$tokens[$j] = "";
}
} // for..
} // else
}
}
return $output;
}
?>


@ -23,7 +23,7 @@
function topic_review($topic_id, $is_inline_review) function topic_review($topic_id, $is_inline_review)
{ {
global $db, $board_config, $template, $lang, $images, $theme, $phpEx, $phpbb_root_path; global $SID, $session, $db, $board_config, $template, $lang, $images, $theme, $phpEx, $phpbb_root_path;
global $userdata, $user_ip; global $userdata, $user_ip;
global $orig_word, $replacement_word; global $orig_word, $replacement_word;
global $starttime; global $starttime;
@ -58,16 +58,13 @@ function topic_review($topic_id, $is_inline_review)
// //
// Start session management // Start session management
// //
$userdata = session_pagestart($user_ip, $forum_id); $userdata = $session->start();
init_userprefs($userdata); $acl = new auth($userdata);
// //
// End session management // End session management
// //
$is_auth = array(); if ( !$acl->get_acl($forum_id, 'forum', 'list') || !$acl->get_acl($forum_id, 'forum', 'read') )
$is_auth = auth(AUTH_ALL, $forum_id, $userdata, $forum_row);
if ( !$is_auth['auth_read'] )
{ {
message_die(GENERAL_MESSAGE, sprintf($lang['Sorry_auth_read'], $is_auth['auth_read_type'])); message_die(GENERAL_MESSAGE, sprintf($lang['Sorry_auth_read'], $is_auth['auth_read_type']));
} }
@ -154,7 +151,7 @@ function topic_review($topic_id, $is_inline_review)
$message = preg_replace('#(<)([\/]?.*?)(>)#is', '&lt;\2&gt;', $message); $message = preg_replace('#(<)([\/]?.*?)(>)#is', '&lt;\2&gt;', $message);
} }
if ( $bbcode_uid != "" ) if ( $bbcode_uid != '' )
{ {
$message = ( $board_config['allow_bbcode'] ) ? bbencode_second_pass($message, $bbcode_uid) : preg_replace('/\:[0-9a-z\:]+\]/si', ']', $message); $message = ( $board_config['allow_bbcode'] ) ? bbencode_second_pass($message, $bbcode_uid) : preg_replace('/\:[0-9a-z\:]+\]/si', ']', $message);
} }
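Review bot: The denial branch in the `@ -58,16 +58,13 @` hunk still calls `sprintf($lang['Sorry_auth_read'], $is_auth['auth_read_type'])`, but the new side removes both `$is_auth = array();` and the `auth(AUTH_ALL, ...)` assignment, so `$is_auth` is undefined when `message_die()` runs. The access decision itself does not depend on that variable: the new `get_acl()` condition denies when either the list or the read permission is missing, so it fails closed. The refusal message, however, is formatted with an empty placeholder and raises an undefined-variable notice. Until the label can be taken from the new `$acl` object, the line should stop reading the removed array, for example `message_die(GENERAL_MESSAGE, sprintf($lang['Sorry_auth_read'], ''));` with a comment such as `// TODO: derive the required-level label from $acl; $is_auth is no longer populated`. The same hunk drops `init_userprefs($userdata)`, and nothing visible shows whether `$session->start()` loads `$lang`, so that is worth confirming because this branch reads `$lang`. The body of `topic_review()` continues outside the visible hunks.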