Merge commit 'release-3.0-B2'

Nils Adermann 2010-03-02 01:05:33 +01:00
commit ee82970d96
306 changed files with 19065 additions and 10043 deletions


@ -11,6 +11,7 @@
/**
*/
define('IN_PHPBB', 1);
define('ADMIN_START', 1);
define('NEED_SID', true);
// Include files
@ -151,7 +152,7 @@ function adm_page_header($page_title)
{
header('Content-type: text/html; charset: ' . $user->lang['ENCODING']);
}
header('Cache-Control: private, no-cache="set-cookie", pre-check=0, post-check=0');
header('Cache-Control: private, no-cache="set-cookie"');
header('Expires: 0');
header('Pragma: no-cache');
@ -205,14 +206,7 @@ function adm_page_footer($copyright_html = true)
$template->display('body');
// Unload cache, must be done before the DB connection if closed
if (!empty($cache))
{
$cache->unload();
}
// Close our DB connection.
$db->sql_close();
garbage_collection();
exit;
}
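Review bot: In the adm_page_header hunk the Content-type header is built as `'Content-type: text/html; charset: ' . $user->lang['ENCODING']`, and a colon is not valid parameter syntax, so clients are likely to ignore the declared encoding and fall back to sniffing, which has historically enabled encoding-based script injection. The parameter should use an equals sign: `header('Content-type: text/html; charset=' . $user->lang['ENCODING']);`. The line is context in this hunk and the function body starts and ends outside it, so whether a meta charset elsewhere compensates cannot be seen here.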


@ -30,6 +30,15 @@
</dl>
</fieldset>
<fieldset>
<legend>{L_BBCODE_HELPLINE}</legend>
<p>{L_BBCODE_HELPLINE_EXPLAIN}</p>
<dl>
<dt><label for="bbcode_helpline">{L_BBCODE_HELPLINE_TEXT}</label></dt>
<dd><input type="text" id="bbcode_helpline" name="bbcode_helpline" size="60" maxlength="255" value="{BBCODE_HELPLINE}" /></dd>
</dl>
</fieldset>
<fieldset>
<legend>{L_SETTINGS}</legend>
<dl>
@ -45,7 +54,7 @@
<br />
<table cellspacing="1">
<table cellspacing="1" id="down">
<thead>
<tr>
<th colspan="2">{L_TOKENS}</th>
@ -76,7 +85,7 @@
<p>{L_ACP_BBCODES_EXPLAIN}</p>
<table cellspacing="1">
<table cellspacing="1" id="down">
<thead>
<tr>
<th>{L_BBCODE_TAG}</th>
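Review bot: The new helpline field writes `value="{BBCODE_HELPLINE}"` into a double-quoted attribute and nothing in this template escapes it, so the code that assigns BBCODE_HELPLINE has to HTML-escape the stored text, quotes included, before it reaches the template; that code is not visible in this section. A one-line template comment above the input, such as `<!-- BBCODE_HELPLINE must arrive HTML-escaped -->`, would record the contract. Separately, `id="down"` appears on the table in both the -45 and -76 hunks; if both tables can render in the same page the id is duplicated and the anchor becomes ambiguous.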


@ -0,0 +1,122 @@
<!-- INCLUDE overall_header.html -->
<a name="maincontent"></a>
<h1>{L_ACP_VC_SETTINGS}</h1>
<p>{L_ACP_VC_SETTINGS_EXPLAIN}</p>
<form id="acp_captcha" method="post" action="{U_ACTION}">
<fieldset>
<legend>{L_GENERAL_OPTIONS}</legend>
<dl>
<dt><label for="enable_confirm">{L_VISUAL_CONFIRM_REG}:</label><br /><span>{L_VISUAL_CONFIRM_REG_EXPLAIN}</span></dt>
<dd><input type="radio" class="radio" id="enable_confirm" name="enable_confirm" value="1"<!-- IF REG_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_ENABLED}&nbsp; &nbsp;<input type="radio" class="radio" name="enable_confirm" value="0"<!-- IF not REG_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_DISABLED}</dd>
</dl>
<dl>
<dt><label for="enable_post_confirm">{L_VISUAL_CONFIRM_POST}:</label><br /><span>{L_VISUAL_CONFIRM_POST_EXPLAIN}</span></dt>
<dd><input type="radio" class="radio" id="enable_post_confirm" name="enable_post_confirm" value="1"<!-- IF POST_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_ENABLED}&nbsp; &nbsp;<input type="radio" class="radio" name="enable_post_confirm" value="0"<!-- IF not POST_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_DISABLED}</dd>
</dl>
</fieldset>
<!-- IF GD -->
<fieldset>
<legend>{L_CAPTCHA_OVERLAP}</legend>
<!-- IF TTF -->
<dl>
<dt><label for="policy_overlap">{L_CAPTCHA_OVERLAP}:</label><br /><span>{U_POLICY_OVERLAP}</span></dt>
<dd><input id="policy_overlap" name="policy_overlap" value="1" class="radio" type="radio"<!-- IF OVERLAP_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_overlap" value="0" class="radio" type="radio"<!-- IF not OVERLAP_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
</dl>
<dl>
<dt><label for="policy_overlap_noise_pixel">{L_OVERLAP_NOISE_PIXEL}:</label></dt>
<select id="policy_overlap_noise_pixel" name="policy_overlap_noise_pixel"><option value="0"<!-- IF OVERLAP_NOISE_PIXEL eq '0' --> selected="selected"<!-- ENDIF -->>{L_NO_NOISE}</option><option value="1"<!-- IF OVERLAP_NOISE_PIXEL eq '1' --> selected="selected"<!-- ENDIF -->>{L_LIGHT}</option><option value="2"<!-- IF OVERLAP_NOISE_PIXEL eq '2' --> selected="selected"<!-- ENDIF -->>{L_MEDIUM}</option><option value="3"<!-- IF OVERLAP_NOISE_PIXEL eq '3' --> selected="selected"<!-- ENDIF -->>{L_HEAVY}</option></select></dd>
</dl>
<dl>
<dt><label for="policy_overlap_noise_line">{L_OVERLAP_NOISE_LINE}:</label></dt>
<dd><input id="policy_overlap_noise_line" name="policy_overlap_noise_line" value="1" class="radio" type="radio"<!-- IF OVERLAP_NOISE_LINE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_overlap_noise_line" value="0" class="radio" type="radio"<!-- IF not OVERLAP_NOISE_LINE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
</dl>
</fieldset>
<!-- ENDIF -->
<fieldset>
<legend>{L_CAPTCHA_ENTROPY}</legend>
<dl>
<dt><label for="policy_entropy">{L_CAPTCHA_ENTROPY}:</label><br /><span>{U_POLICY_ENTROPY}</span></dt>
<dd><input id="policy_entropy" name="policy_entropy" value="1" class="radio" type="radio"<!-- IF ENTROPY_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_entropy" value="0" class="radio" type="radio"<!-- IF not ENTROPY_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
</dl>
<dl>
<dt><label for="policy_entropy_noise_pixel">{L_ENTROPY_NOISE_PIXEL}:</label></dt>
<select id="policy_entropy_noise_pixel" name="policy_entropy_noise_pixel"><option value="0"<!-- IF ENTROPY_NOISE_PIXEL eq '0' --> selected="selected"<!-- ENDIF -->>{L_NO_NOISE}</option><option value="1"<!-- IF ENTROPY_NOISE_PIXEL eq '1' --> selected="selected"<!-- ENDIF -->>{L_LIGHT}</option><option value="2"<!-- IF ENTROPY_NOISE_PIXEL eq '2' --> selected="selected"<!-- ENDIF -->>{L_MEDIUM}</option><option value="3"<!-- IF ENTROPY_NOISE_PIXEL eq '3' --> selected="selected"<!-- ENDIF -->>{L_HEAVY}</option></select></dd>
</dl>
<dl>
<dt><label for="policy_entropy_noise_line">{L_ENTROPY_NOISE_LINE}:</label></dt>
<dd><input id="policy_entropy_noise_line" name="policy_entropy_noise_line" value="1" class="radio" type="radio"<!-- IF ENTROPY_NOISE_LINE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_entropy_noise_line" value="0" class="radio" type="radio"<!-- IF not ENTROPY_NOISE_LINE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
</dl>
</fieldset>
<!-- IF TTF -->
<fieldset>
<legend>{L_CAPTCHA_SHAPE}</legend>
<dl>
<dt><label for="policy_shape">{L_CAPTCHA_SHAPE}:</label><br /><span>{U_POLICY_SHAPE}</span></dt>
<dd><input id="policy_shape" name="policy_shape" value="1" class="radio" type="radio"<!-- IF SHAPE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_shape" value="0" class="radio" type="radio"<!-- IF not SHAPE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
</dl>
<dl>
<dt><label for="policy_shape_noise_pixel">{L_SHAPE_NOISE_PIXEL}:</label></dt>
<select id="policy_shape_noise_pixel" name="policy_shape_noise_pixel"><option value="0"<!-- IF SHAPE_NOISE_PIXEL eq '0' --> selected="selected"<!-- ENDIF -->>{L_NO_NOISE}</option><option value="1"<!-- IF SHAPE_NOISE_PIXEL eq '1' --> selected="selected"<!-- ENDIF -->>{L_LIGHT}</option><option value="2"<!-- IF SHAPE_NOISE_PIXEL eq '2' --> selected="selected"<!-- ENDIF -->>{L_MEDIUM}</option><option value="3"<!-- IF SHAPE_NOISE_PIXEL eq '3' --> selected="selected"<!-- ENDIF -->>{L_HEAVY}</option></select></dd>
</dl>
<dl>
<dt><label for="policy_shape_noise_line">{L_SHAPE_NOISE_LINE}:</label></dt>
<dd><input id="policy_shape_noise_line" name="policy_shape_noise_line" value="1" class="radio" type="radio"<!-- IF SHAPE_NOISE_LINE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_shape_noise_line" value="0" class="radio" type="radio"<!-- IF not SHAPE_NOISE_LINE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
</dl>
</fieldset>
<!-- ENDIF -->
<fieldset>
<legend>{L_CAPTCHA_3DBITMAP}</legend>
<dl>
<dt><label for="policy_3dbitmap">{L_CAPTCHA_3DBITMAP}:</label><br /><span>{U_POLICY_3DBITMAP}</span></dt>
<dd><input id="policy_3dbitmap" name="policy_3dbitmap" value="1" class="radio" type="radio"<!-- IF THREEDBITMAP_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_3dbitmap" value="0" class="radio" type="radio"<!-- IF not THREEDBITMAP_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
</dl>
</fieldset>
<!-- IF TTF -->
<fieldset>
<legend>{L_CAPTCHA_CELLS}</legend>
<dl>
<dt><label for="policy_cells">{L_CAPTCHA_CELLS}:</label><br /><span>{U_POLICY_CELLS}</span></dt>
<dd><input id="policy_cells" name="policy_cells" value="1" class="radio" type="radio"<!-- IF CELLS_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_cells" value="0" class="radio" type="radio"<!-- IF not CELLS_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
</dl>
</fieldset>
<fieldset>
<legend>{L_CAPTCHA_STENCIL}</legend>
<dl>
<dt><label for="policy_stencil">{L_CAPTCHA_STENCIL}:</label><br /><span>{U_POLICY_STENCIL}</span></dt>
<dd><input id="policy_stencil" name="policy_stencil" value="1" class="radio" type="radio"<!-- IF STENCIL_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_stencil" value="0" class="radio" type="radio"<!-- IF not STENCIL_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
</dl>
</fieldset>
<fieldset>
<legend>{L_CAPTCHA_COMPOSITE}</legend>
<dl>
<dt><label for="policy_composite">{L_CAPTCHA_COMPOSITE}:</label><br /><span>{U_POLICY_COMPOSITE}</span></dt>
<dd><input id="policy_composite" name="policy_composite" value="1" class="radio" type="radio"<!-- IF COMPOSITE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_composite" value="0" class="radio" type="radio"<!-- IF not COMPOSITE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
</dl>
</fieldset>
<!-- ENDIF -->
<!-- ENDIF -->
<fieldset class="submit-buttons">
<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
</fieldset>
</form>
<!-- INCLUDE overall_footer.html -->
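Review bot: The three noise-pixel rows (`policy_overlap_noise_pixel`, `policy_entropy_noise_pixel`, `policy_shape_noise_pixel`) close a `</dd>` that was never opened; each `<select …>` line should start with `<dd>`. In the overlap block the `<!-- IF TTF -->` opens inside the `<fieldset>` and its `<!-- ENDIF -->` comes after `</fieldset>`, so with GD but no TTF the fieldset and legend are emitted without a closing tag; moving the `<!-- IF TTF -->` above `<fieldset>` keeps the markup balanced. The form also carries no hidden per-request token, so protection against forged submissions of these anti-spam settings depends entirely on whatever `{U_ACTION}` and the handler enforce, which this template does not show.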


@ -54,7 +54,7 @@
<legend>{L_BACKUP_OPTIONS}</legend>
<dl>
<dt><label for="user">{L_BACKUP_TYPE}:</label></dt>
<dd><input type="radio" class="radio" name="type" value="full" id="type" checked="checked" />&nbsp;{L_FULL_BACKUP}&nbsp;&nbsp;<input type="radio" name="type" value="structure" id="type" />&nbsp;{L_STRUCTURE_ONLY}&nbsp;&nbsp;<input type="radio" class="radio" name="type" value="data" id="type" />&nbsp;{L_DATA_ONLY}</dd>
<dd><input type="radio" class="radio" name="type" value="full" id="type" checked="checked" />&nbsp;{L_FULL_BACKUP}&nbsp;&nbsp;<input type="radio" name="type" class="radio" value="structure" id="type" />&nbsp;{L_STRUCTURE_ONLY}&nbsp;&nbsp;<input type="radio" class="radio" name="type" value="data" id="type" />&nbsp;{L_DATA_ONLY}</dd>
</dl>
<dl>
<dt><label for="user">{L_FILE_TYPE}:</label></dt>
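Review bot: The three backup-type radios on the edited line all carry `id="type"`, and the label in front of them points at `for="user"`, which matches none of them; ids must be unique and the label currently focuses nothing. Giving only the first radio the id and pointing the label at it, `<label for="type">`, would fix both. The next label (`{L_FILE_TYPE}`) repeats `for="user"` and likely needs the same treatment, though its inputs are outside the hunk.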


@ -100,12 +100,10 @@
<dt><label for="forum_style">{L_FORUM_STYLE}:</label></dt>
<dd><select id="forum_style" name="forum_style"><option value="0">{L_DEFAULT_STYLE}</option>{S_STYLES_OPTIONS}</select></dd>
</dl>
<!-- IF S_ADD_ACTION -->
<dl>
<dt><label for="forum_perm_from">{L_COPY_PERMISSIONS}:</label><br /><span>{L_COPY_PERMISSIONS_EXPLAIN}</span></dt>
<dd><select id="forum_perm_from" name="forum_perm_from"><option value="0">{L_NO_PERMISSIONS}</option>{S_FORUM_OPTIONS}</select></dd>
</dl>
<!-- ENDIF -->
<dl>
<dt><label for="forum_perm_from">{L_COPY_PERMISSIONS}:</label><br /><span>{L_COPY_PERMISSIONS_EXPLAIN}</span></dt>
<dd><select id="forum_perm_from" name="forum_perm_from"><option value="0">{L_NO_PERMISSIONS}</option>{S_FORUM_OPTIONS}</select></dd>
</dl>
</fieldset>
<div id="forum_cat_options"<!-- IF not S_FORUM_CAT --> style="display: none;"<!-- ENDIF -->>
@ -125,6 +123,16 @@
<dt><label for="forum_status">{L_FORUM_STATUS}:</label></dt>
<dd><select id="forum_status" name="forum_status">{S_STATUS_OPTIONS}</select></dd>
</dl>
<!-- IF S_SHOW_DISPLAY_ON_INDEX -->
<dl>
<dt><label for="display_on_index">{L_LIST_INDEX}:</label><br /><span>{L_LIST_INDEX_EXPLAIN}</span></dt>
<dd><input type="radio" class="radio" name="display_on_index" value="1"<!-- IF S_DISPLAY_ON_INDEX --> id="display_on_index" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="display_on_index" value="0"<!-- IF not S_DISPLAY_ON_INDEX --> id="display_on_index" checked="checked"<!-- ENDIF --> /> {L_NO}</dd>
</dl>
<!-- ENDIF -->
<dl>
<dt><label for="enable_post_review">{L_ENABLE_POST_REVIEW}:</label><br /><span>{L_ENABLE_POST_REVIEW_EXPLAIN}</span></dt>
<dd><input type="radio" class="radio" name="enable_post_review" value="1"<!-- IF S_ENABLE_POST_REVIEW --> id="enable_post_review" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="enable_post_review" value="0"<!-- IF not S_ENABLE_POST_REVIEW --> id="enable_post_review" checked="checked"<!-- ENDIF --> /> {L_NO}</dd>
</dl>
<dl>
<dt><label for="enable_indexing">{L_ENABLE_INDEXING}:</label><br /><span>{L_ENABLE_INDEXING_EXPLAIN}</span></dt>
<dd><input type="radio" class="radio" name="enable_indexing" value="1"<!-- IF S_ENABLE_INDEXING --> id="enable_indexing" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="enable_indexing" value="0"<!-- IF not S_ENABLE_INDEXING --> id="enable_indexing" checked="checked"<!-- ENDIF --> /> {L_NO}</dd>
@ -133,22 +141,30 @@
<dt><label for="enable_icons">{L_ENABLE_TOPIC_ICONS}:</label></dt>
<dd><input type="radio" class="radio" name="enable_icons" value="1"<!-- IF S_TOPIC_ICONS --> id="enable_icons" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="enable_icons" value="0"<!-- IF not S_TOPIC_ICONS --> id="enable_icons" checked="checked"<!-- ENDIF --> /> {L_NO}</dd>
</dl>
<!-- IF S_SHOW_DISPLAY_ON_INDEX -->
<dl>
<dt><label for="display_on_index">{L_LIST_INDEX}:</label><br /><span>{L_LIST_INDEX_EXPLAIN}</span></dt>
<dd><input type="radio" class="radio" name="display_on_index" value="1"<!-- IF S_DISPLAY_ON_INDEX --> id="display_on_index" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="display_on_index" value="0"<!-- IF not S_DISPLAY_ON_INDEX --> id="display_on_index" checked="checked"<!-- ENDIF --> /> {L_NO}</dd>
</dl>
<!-- ENDIF -->
<dl>
<dt><label for="display_recent">{L_ENABLE_RECENT}:</label><br /><span>{L_ENABLE_RECENT_EXPLAIN}</span></dt>
<dd><input type="radio" class="radio" name="display_recent" value="1"<!-- IF S_DISPLAY_ACTIVE_TOPICS --> id="display_recent" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="display_recent" value="0"<!-- IF not S_DISPLAY_ACTIVE_TOPICS --> id="display_recent" checked="checked"<!-- ENDIF --> /> {L_NO}</dd>
</dl>
<dl>
<dt><label for="enable_prune">{L_FORUM_AUTO_PRUNE}:</label><br /><span>{L_FORUM_AUTO_PRUNE_EXPLAIN}</span></dt>
<dd><input type="radio" class="radio" name="enable_prune" onchange="dE('forum_prune_options', 1)" value="1"<!-- IF S_PRUNE_ENABLE --> id="enable_prune" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="enable_prune" onchange="dE('forum_prune_options', -1)" value="0"<!-- IF not S_PRUNE_ENABLE --> id="enable_prune" checked="checked"<!-- ENDIF --> /> {L_NO}</dd>
<dt><label for="topics_per_page">{L_FORUM_TOPICS_PAGE}:</label><br /><span>{L_FORUM_TOPICS_PAGE_EXPLAIN}</span></dt>
<dd><input type="text" id="topics_per_page" name="topics_per_page" value="{TOPICS_PER_PAGE}" /></dd>
</dl>
<dl>
<dt><label for="forum_password">{L_FORUM_PASSWORD}:</label><br /><span>{L_FORUM_PASSWORD_EXPLAIN}</span></dt>
<dd><input type="password" id="forum_password" name="forum_password" value="{FORUM_PASSWORD}" /></dd>
</dl>
<dl>
<dt><label for="forum_password_confirm">{L_FORUM_PASSWORD_CONFIRM}:</label><br /><span>{L_FORUM_PASSWORD_CONFIRM_EXPLAIN}</span></dt>
<dd><input type="password" id="forum_password_confirm" name="forum_password_confirm" value="{FORUM_PASSWORD_CONFIRM}" /></dd>
</dl>
</fieldset>
<div id="forum_prune_options"<!-- IF not S_PRUNE_ENABLE --> style="display: none;"<!-- ENDIF -->>
<fieldset>
<legend>{L_FORUM_PRUNE_SETTINGS}</legend>
<dl>
<dt><label for="enable_prune">{L_FORUM_AUTO_PRUNE}:</label><br /><span>{L_FORUM_AUTO_PRUNE_EXPLAIN}</span></dt>
<dd><input type="radio" class="radio" name="enable_prune" value="1"<!-- IF S_PRUNE_ENABLE --> id="enable_prune" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="enable_prune" value="0"<!-- IF not S_PRUNE_ENABLE --> id="enable_prune" checked="checked"<!-- ENDIF --> /> {L_NO}</dd>
</dl>
<dl>
<dt><label for="prune_freq">{L_AUTO_PRUNE_FREQ}:</label><br /><span>{L_AUTO_PRUNE_FREQ_EXPLAIN}</span></dt>
<dd><input type="text" id="prune_freq" name="prune_freq" value="{PRUNE_FREQ}" /> {L_DAYS}</dd>
@ -173,20 +189,6 @@
<dt><label for="prune_sticky">{L_PRUNE_STICKY}:</label></dt>
<dd><input type="radio" class="radio" name="prune_sticky" value="1"<!-- IF S_PRUNE_STICKY --> id="prune_sticky" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="prune_sticky" value="0"<!-- IF not S_PRUNE_STICKY --> id="prune_sticky" checked="checked"<!-- ENDIF --> /> {L_NO}</dd>
</dl>
</div>
<dl>
<dt><label for="topics_per_page">{L_FORUM_TOPICS_PAGE}:</label><br /><span>{L_FORUM_TOPICS_PAGE_EXPLAIN}</span></dt>
<dd><input type="text" id="topics_per_page" name="topics_per_page" value="{TOPICS_PER_PAGE}" /></dd>
</dl>
<dl>
<dt><label for="forum_password">{L_FORUM_PASSWORD}:</label><br /><span>{L_FORUM_PASSWORD_EXPLAIN}</span></dt>
<dd><input type="password" id="forum_password" name="forum_password" value="{FORUM_PASSWORD}" /></dd>
</dl>
<dl>
<dt><label for="forum_password_confirm">{L_FORUM_PASSWORD_CONFIRM}:</label><br /><span>{L_FORUM_PASSWORD_CONFIRM_EXPLAIN}</span></dt>
<dd><input type="password" id="forum_password_confirm" name="forum_password_confirm" value="{FORUM_PASSWORD_CONFIRM}" /></dd>
</dl>
</fieldset>
</div>
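Review bot: The relocated password inputs still render `value="{FORUM_PASSWORD}"` and `value="{FORUM_PASSWORD_CONFIRM}"`, which places whatever the handler stores for the forum password into the page source for every administrator who opens the edit form, where it can be read from view-source, caches or proxies. Rendering both fields empty and treating an empty submission as "keep the current password" avoids the disclosure; what FORUM_PASSWORD actually holds (plain text or a hash) is set outside this template. The copy-permissions selector is now shown without the `S_ADD_ACTION` guard, so the handler should check the administrator's right to copy permissions on edit as well as on add.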


@ -153,12 +153,16 @@
<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
<h1>{L_GROUP_MEMBERS}</h1>
<h1>{L_GROUP_MEMBERS} :: {GROUP_NAME}</h1>
<p>{L_GROUP_MEMBERS_EXPLAIN}</p>
<form id="list" method="post" action="{U_ACTION}">
<fieldset class="quick">
<a href="{U_DEFAULT_ALL}">&raquo; {L_MAKE_DEFAULT_FOR_ALL}</a>
</fieldset>
<table cellspacing="1">
<thead>
<tr>
@ -259,6 +263,13 @@
<p>{L_ACP_GROUPS_MANAGE_EXPLAIN}</p>
<!-- IF S_ERROR -->
<div class="errorbox">
<h3>{L_WARNING}</h3>
<p>{ERROR_MSG}</p>
</div>
<!-- ENDIF -->
<h1>{L_USER_DEF_GROUPS}</h1>
<p>{L_USER_DEF_GROUPS_EXPLAIN}</p>
@ -269,9 +280,10 @@
<col class="col1" /><col class="col1" /><col class="col2" /><col class="col2" /><col class="col2" />
<thead>
<tr>
<th style="width: 50%">{L_MANAGE}</th>
<th style="width: 50%">{L_GROUP}</th>
<th>{L_TOTAL_MEMBERS}</th>
<th colspan="3">{L_OPTIONS}</th>
<th colspan="2">{L_OPTIONS}</th>
<th>{L_ACTION}</th>
</tr>
</thead>
<tbody>
@ -282,10 +294,13 @@
<fieldset class="quick">
<!-- IF S_GROUP_ADD -->
{L_CREATE_GROUP}: <input type="text" name="group_name" value="" /> <input class="button2" type="submit" name="add" value="{L_SUBMIT}" />
{L_CREATE_GROUP}: <input type="text" name="group_name" value="" /> <input class="button2" type="submit" name="submit" value="{L_SUBMIT}" />
<input type="hidden" name="add" value="1" />
<!-- ENDIF -->
</fieldset>
</form>
<h1>{L_SPECIAL_GROUPS}</h1>
<p>{L_SPECIAL_GROUPS_EXPLAIN}</p>
@ -294,18 +309,19 @@
<col class="col1" /><col class="col1" /><col class="col2" /><col class="col2" /><col class="col2" />
<thead>
<tr>
<th style="width: 50%">{L_MANAGE}</th>
<th style="width: 50%">{L_GROUP}</th>
<th>{L_TOTAL_MEMBERS}</th>
<th colspan="3">{L_OPTIONS}</th>
<th colspan="2">{L_OPTIONS}</th>
<th>{L_ACTION}</th>
</tr>
</thead>
<tbody>
<!-- ELSE -->
<tr>
<td><a href="{groups.U_LIST}">{groups.GROUP_NAME}</a></td>
<td><strong>{groups.GROUP_NAME}</strong></td>
<td style="text-align: center;">{groups.TOTAL_MEMBERS}</td>
<td style="text-align: center;"><a href="{groups.U_DEFAULT}">{L_GROUP_DEFAULT}</a></td>
<td style="text-align: center;"><a href="{groups.U_EDIT}">{L_EDIT}</a></td>
<td style="text-align: center;"><a href="{groups.U_EDIT}">{L_SETTINGS}</a></td>
<td style="text-align: center;"><a href="{groups.U_LIST}">{L_MEMBERS}</a></td>
<td style="text-align: center;"><!-- IF not groups.S_GROUP_SPECIAL and groups.U_DELETE --><a href="{groups.U_DELETE}">{L_DELETE}</a><!-- ELSE -->{L_DELETE}<!-- ENDIF --></td>
</tr>
<!-- ENDIF -->
@ -313,8 +329,6 @@
</tbody>
</table>
</form>
<!-- ENDIF -->
<!-- INCLUDE overall_footer.html -->
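Review bot: The new `<a href="{U_DEFAULT_ALL}">` in the members list triggers a change for every member of the group through a plain link, like the existing `{groups.U_DEFAULT}` and `{groups.U_DELETE}` links, so the action runs on any request that reaches that URL with the administrator's session. Unless the handler (not shown) interposes a confirmation step bound to the session, this is better expressed as a submit button inside the existing `list` form. The hidden `<input type="hidden" name="add" value="1" />` is also sent on every submission of its form, so the handler should not treat its presence alone as a create request if that form has other submit controls.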


@ -70,12 +70,20 @@
<!-- IF S_CLEARLOGS -->
<fieldset class="quick">
<b class="small"><a href="#" onclick="marklist('list', 'mark', true);">{L_MARK_ALL}</a> :: <a href="#" onclick="marklist('list', 'mark', false);">{L_UNMARK_ALL}</a></b><br />
<b class="small"><a href="javascript: marklist('list', 'mark', true);">{L_MARK_ALL}</a> :: <a href="javascript:marklist('list', 'mark', false);">{L_UNMARK_ALL}</a></b><br />
<input class="button2" type="submit" name="delmarked" value="{L_DELETE_MARKED}" />&nbsp;
<input class="button2" type="submit" name="delall" value="{L_DELETE_ALL}" />&nbsp;
</fieldset>
<!-- ENDIF -->
<div class="pagination">
<!-- IF PAGINATION -->
<a href="javascript:jumpto();" title="{L_JUMP_TO_PAGE}">{S_ON_PAGE}</a> &bull; <span>{PAGINATION}</span>
<!-- ELSE -->
{S_ON_PAGE}
<!-- ENDIF -->
</div>
</form>
<!-- INCLUDE overall_footer.html -->
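Review bot: The mark/unmark links are shown both as `href="#" onclick="…"` and as `href="javascript: …"`, and the new pagination link uses `href="javascript:jumpto();"`; `javascript:` URLs cannot coexist with a content security policy that disallows inline script and leave the link without a usable target. Keeping a real href and returning false from the handler, `<a href="#" onclick="marklist('list', 'mark', true); return false;">`, behaves the same. `{PAGINATION}` is emitted as raw markup, so any URL parameters folded into it have to be escaped where it is generated, which is outside this template.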


@ -11,6 +11,13 @@
</div>
<!-- ENDIF -->
<!-- IF S_REMOVE_INSTALL -->
<div class="errorbox">
<h3>{L_WARNING}</h3>
<p>{L_REMOVE_INSTALL}</p>
</div>
<!-- ENDIF -->
<table cellspacing="1">
<caption>{L_FORUM_STATS}</caption>
<col class="col1" /><col class="col2" /><col class="col1" /><col class="col2" />
@ -60,10 +67,10 @@
<td><b>{UPLOAD_DIR_SIZE}</b></td>
</tr>
<tr>
<td>{L_DATABASE_SERVER_INFO}: </td>
<td><b>{DATABASE_INFO}</b></td>
<td>{L_GZIP_COMPRESSION}: </td>
<td><b>{GZIP_COMPRESSION}</b></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
</tbody>
</table>
@ -104,6 +111,10 @@
<!-- END log -->
</tbody>
</table>
<br />
<div style="text-align: right;"><a href="{U_ADMIN_LOG}">&raquo; {L_VIEW_ADMIN_LOG}</a></div>
<!-- ENDIF -->
<!-- IF S_INACTIVE_USERS -->
@ -118,6 +129,7 @@
<tr>
<th>{L_USERNAME}</th>
<th>{L_JOINED}</th>
<th>{L_LAST_VISIT}</th>
<th>{L_MARK}</th>
</tr>
</thead>
@ -127,6 +139,7 @@
<td><a href="{inactive.U_USER_ADMIN}">{inactive.USERNAME}</a></td>
<td>{inactive.DATE}</td>
<td>{inactive.LAST_VISIT}</td>
<td>&nbsp;<input type="checkbox" class="radio" name="mark[]" value="{inactive.USER_ID}" />&nbsp;</td>
</tr>
<!-- BEGINELSE -->
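Review bot: The `S_REMOVE_INSTALL` box only warns the administrator, presumably that the install directory is still present; nothing in this template suggests that access to the installer is restricted in the meantime. If the code that sets the flag (not visible here) does not also block or disable the board while the directory exists, that is worth adding, since the warning is seen only by someone who logs into the ACP. A short comment above the block, e.g. `<!-- shown while the install directory still exists; see the check that sets S_REMOVE_INSTALL -->`, would tie the template to that check.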


@ -93,9 +93,9 @@
<label><input type="radio" class="radio" name="module_display" value="0"<!-- IF not MODULE_DISPLAY --> checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
</dl>
<dl>
<dt><label for="module_name">{L_CHOOSE_MODULE}:</label><br />
<dt><label for="module_basename">{L_CHOOSE_MODULE}:</label><br />
<span>{L_CHOOSE_MODULE_EXPLAIN}</span></dt>
<dd><select name="module_name" id="module_name" onchange="display_modes(this.value);">{S_MODULE_NAMES}</select></dd>
<dd><select name="module_basename" id="module_basename" onchange="display_modes(this.value);">{S_MODULE_NAMES}</select></dd>
</dl>
<dl>
<dt><label for="module_mode">{L_CHOOSE_MODE}:</label><br />


@ -96,7 +96,7 @@
<h1>{L_ACL_TYPE}</h1>
<fieldset class="quick">
<a href="javascript: mark_options('a_options', 'y');">{L_ALL_YES}</a> &bull; <a href="javascript: mark_options('a_options', 'n');">{L_ALL_NO}</a> &bull; <a href="javascript: mark_options('a_options', 'u');">{L_ALL_UNSET}</a>
<a href="javascript: mark_options('a_options', 'y');">{L_ALL_YES}</a> &bull; <a href="javascript: mark_options('a_options', 'n');">{L_ALL_NEVER}</a> &bull; <a href="javascript: mark_options('a_options', 'u');">{L_ALL_NO}</a>
</fieldset>
<fieldset class="permissions">
@ -114,10 +114,10 @@
<!-- BEGIN auth -->
<!-- IF auth.S_YES -->
<td class="preset preset_yes">
<!-- ELSEIF auth.S_NEVER -->
<td class="preset preset_never">
<!-- ELSEIF auth.S_NO -->
<td class="preset preset_no">
<!-- ELSEIF auth.S_UNSET -->
<td class="preset preset_unset">
<!-- ELSE -->
<td class="preset preset_custom">
<!-- ENDIF -->
@ -132,17 +132,17 @@
<tr>
<th scope="col" style="text-align: left; padding-left: 0;"><strong>{L_ACL_SETTING} [{auth.CAT_NAME}]</strong></th>
<th scope="col"><a href="javascript: mark_options('options{auth.S_ROW_COUNT}', 'y');">{L_ACL_YES}</a></th>
<th scope="col"><a href="javascript: mark_options('options{auth.S_ROW_COUNT}', 'u');">{L_ACL_UNSET}</a></th>
<th scope="col"><a href="javascript: mark_options('options{auth.S_ROW_COUNT}', 'n');">{L_ACL_NO}</a></th>
<th scope="col"><a href="javascript: mark_options('options{auth.S_ROW_COUNT}', 'u');">{L_ACL_NO}</a></th>
<th scope="col"><a href="javascript: mark_options('options{auth.S_ROW_COUNT}', 'n');">{L_ACL_NEVER}</a></th>
</tr>
</thead>
<tbody>
<!-- BEGIN mask -->
<!-- IF auth.mask.S_ROW_COUNT is even --><tr class="row4"><!-- ELSE --><tr class="row3"><!-- ENDIF -->
<th>{auth.mask.PERMISSION}</th>
<td class="unset"><input id="setting[{auth.mask.FIELD_NAME}]_y" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_YES --> checked="checked"<!-- ENDIF --> value="1" /></td>
<td class="unset"><input id="setting[{auth.mask.FIELD_NAME}]_u" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_UNSET --> checked="checked"<!-- ENDIF --> value="-1" /></td>
<td class="unset"><input id="setting[{auth.mask.FIELD_NAME}]_n" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NO --> checked="checked"<!-- ENDIF --> value="0" /></td>
<td class="no"><input id="setting[{auth.mask.FIELD_NAME}]_y" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_YES --> checked="checked"<!-- ENDIF --> value="1" /></td>
<td class="no"><input id="setting[{auth.mask.FIELD_NAME}]_u" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NO --> checked="checked"<!-- ENDIF --> value="-1" /></td>
<td class="no"><input id="setting[{auth.mask.FIELD_NAME}]_n" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NEVER --> checked="checked"<!-- ENDIF --> value="0" /></td>
</tr>
<!-- END mask -->
</tbody>
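Review bot: After the rename the labels and the internal keys no longer line up: `mark_options(…, 'n')` is labelled `{L_ALL_NEVER}`/`{L_ACL_NEVER}`, `'u'` is labelled `{L_ALL_NO}`/`{L_ACL_NO}`, and the radios with id suffix `_u` (value `-1`) and `_n` (value `0`) are bound to `S_NO` and `S_NEVER`. In a permission editor that mismatch invites a later edit that wires the wrong value to a column. A comment above the mask rows would pin it down, for example `<!-- values: 1 = YES, -1 = NO, 0 = NEVER; mark_options keys y / u / n in the same order -->`. All three cells also now use `class="no"`, including the YES and NEVER columns, which looks like a mechanical replace of `unset`.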


@ -140,8 +140,7 @@
<fieldset class="quick">
{S_HIDDEN_FIELDS}
<input class="button2" type="submit" name="action[delete]" value="{L_REMOVE_PERMISSIONS}" /> &nbsp;
<input class="button1" type="submit" name="submit_edit_options" value="{L_EDIT_PERMISSIONS}" />
<input type="submit" class="button2" name="action[delete]" value="{L_REMOVE_PERMISSIONS}" style="width: 46% !important;" /> &nbsp; <input class="button1" type="submit" name="submit_edit_options" value="{L_EDIT_PERMISSIONS}" style="width: 46% !important;" />
</fieldset>
</form>
@ -153,13 +152,12 @@
<p>{L_USERNAMES_EXPLAIN}</p>
<dl>
<dd class="full"><textarea id="username" name="usernames" rows="5" cols="5" style="width: 100%; height: 60px;"></textarea></dd>
<dd class="full" style="text-align: left;"><input type="checkbox" class="radio" id="anonymous" name="user_id[]" value="{ANONYMOUS_USER_ID}" /> &nbsp;{L_SELECT_ANONYMOUS}</dd>
<dd class="full" style="text-align: left;"><div style="float: right;">[ <a href="#" onclick="window.open('{U_FIND_USERNAME}', '_phpbbsearch', 'height=500, resizable=yes, scrollbars=yes, width=740'); return false;">{L_FIND_USERNAME}</a> ]</div><input type="checkbox" class="radio" id="anonymous" name="user_id[]" value="{ANONYMOUS_USER_ID}" /> &nbsp;{L_SELECT_ANONYMOUS}</dd>
</dl>
</fieldset>
<fieldset class="quick">
{S_HIDDEN_FIELDS}
<input class="button2" type="submit" name="find_username" value="{L_FIND_USERNAME}" onclick="window.open('{U_FIND_USERNAME}', '_phpbbsearch', 'height=500, resizable=yes, scrollbars=yes, width=740'); return false;" /> &nbsp;
<input class="button1" type="submit" name="submit_add_options" value="{L_ADD_PERMISSIONS}" />
</fieldset>
@ -187,8 +185,7 @@
<fieldset class="quick">
{S_HIDDEN_FIELDS}
<input class="button2" type="submit" name="action[delete]" value="{L_REMOVE_PERMISSIONS}" />&nbsp;
<input class="button1" type="submit" name="submit_edit_options" value="{L_EDIT_PERMISSIONS}" />
<input class="button2" type="submit" name="action[delete]" value="{L_REMOVE_PERMISSIONS}" style="width: 46% !important;" /> &nbsp; <input class="button1" type="submit" name="submit_edit_options" value="{L_EDIT_PERMISSIONS}" style="width: 46% !important;" />
</fieldset>
</form>
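Review bot: `style="width: 46% !important;"` is repeated inline on each of the four remove/edit buttons; a class in the ACP stylesheet would carry the width once and would not need `!important` to win. The find-username link interpolates `{U_FIND_USERNAME}` into a single-quoted script string inside an attribute, so the value must stay free of unescaped quotes; it is generated outside this template. With the `find_username` submit button removed, the link does nothing when scripting is off, since its href is `#`.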


@ -40,7 +40,7 @@
<fieldset>
<legend>{L_VISIBILITY_OPTION}</legend>
<dl>
<dt><label for="field_option_none">{L_DISPLAY_AT_PROFILE}:</label></dt>
<dt><label for="field_option_none">{L_DISPLAY_AT_PROFILE}:</label><br /><span>{L_DISPLAY_AT_PROFILE_EXPLAIN}</span></dt>
<dd><input type="radio" class="radio" id="field_option_none" name="field_option" value="none"<!-- IF not S_SHOW_ON_REG and not S_FIELD_REQUIRED and not S_FIELD_HIDE --> checked="checked"<!-- ENDIF --> /></dd>
</dl>
<dl>
@ -81,7 +81,13 @@
<!-- ENDIF -->
<!-- IF S_BOOL or S_DROPDOWN -->
<dl>
<dt><label for="lang_options">{L_ENTRIES}:</label><br /><span>{L_LANG_OPTIONS_EXPLAIN}</span></dt>
<dt><label for="lang_options">{L_ENTRIES}:</label>
<!-- IF S_EDIT_MODE and S_DROPDOWN -->
<br /><span>{L_EDIT_DROPDOWN_LANG_EXPLAIN}</span>
<!-- ELSE -->
<br /><span>{L_LANG_OPTIONS_EXPLAIN}</span>
<!-- ENDIF -->
</dt>
<!-- IF S_DROPDOWN -->
<dd><textarea id="lang_options" name="lang_options" rows="5" cols="80">{LANG_OPTIONS}</textarea></dd>
<!-- ELSE -->
@ -182,7 +188,8 @@
<fieldset class="quick">
<input class="small" type="text" name="field_ident" /> <select name="field_type">{S_TYPE_OPTIONS}</select>
<input class="button1" type="submit" name="create" value="{L_CREATE_NEW_FIELD}" />
<input class="button1" type="submit" name="submit" value="{L_CREATE_NEW_FIELD}" />
<input type="hidden" name="create" value="1" />
</fieldset>
</form>
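Review bot: Renaming the button to `submit` and adding `<input type="hidden" name="create" value="1" />` means `create` is now present on every submission of the enclosing form, not only when that button is pressed. If the form, which opens outside this hunk, contains any other submit control, the handler can no longer tell the requests apart by `create` alone and should key on the button name or on `field_ident` being filled. A one-line comment beside the hidden input stating why it exists (for example, so that submitting with the Enter key still creates the field) would help; that reason is my inference, not something the hunk states.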


@ -78,7 +78,7 @@
<td class="row1" colspan="2" align="center">
<table width="100%" cellspacing="2" cellpadding="2" border="0">
<tr>
<td width="50%" align="center"><img src="<!-- IF IMAGE_REQUEST neq '' -->{IMAGE_REQUEST}<!-- ELSE -->images/no_image.png<!-- ENDIF -->"/></td>
<td width="50%" align="center"><img src="<!-- IF IMAGE_REQUEST -->{IMAGE_REQUEST}<!-- ELSE -->images/no_image.png<!-- ENDIF -->"/></td>
<td width="50%" align="center"><img src="images/no_image.png" name="newimg" /></td>
</tr>
<tr>
@ -94,7 +94,7 @@
</tr>
<tr>
<td class="row1" width="40%"><b>{L_IMAGE}: </b></td>
<td class="row2"><select name="imgpath" onchange="update_image(this.options[selectedIndex].value);"><option value=""<!-- IF not IMAGE_SELECT--> selected="selected"<!-- ENDIF -->>{L_NONE}</option>
<td class="row2"><select name="imgpath" onchange="update_image(this.options[selectedIndex].value);"><option value=""<!-- IF not IMAGE_SELECT--> selected="selected"<!-- ENDIF -->>{L_NO_IMAGE}</option>
<!-- BEGIN imagesetlist -->
<option class="sep" value=""><!-- IF imagesetlist.TYPE -->{L_LOCALISED_IMAGES}<!-- ELSE -->{L_GLOBAL_IMAGES}<!-- ENDIF --></option>
<!-- BEGIN images -->
@ -506,15 +506,16 @@
<p>{L_EXPLAIN}</p>
<!-- IF S_STYLE --> <!-- DEFINE $COLSPAN = 4 --> <!-- ELSE --> <!-- DEFINE $COLSPAN = 3 --> <!-- ENDIF -->
<!-- IF S_STYLE --> <!-- DEFINE $COLSPAN = 5 --> <!-- ELSE --> <!-- DEFINE $COLSPAN = 4 --> <!-- ENDIF -->
<table cellspacing="1">
<col class="row1" /><!-- IF S_STYLE --><col class="row1" /><!-- ENDIF --><col class="row2" />
<col class="row1" /><!-- IF S_STYLE --><col class="row1" /><!-- ENDIF --><col class="row2" /><col class="row2" />
<thead>
<tr>
<th>{L_NAME}</th>
<!-- IF S_STYLE --><th>{L_STYLE_USED_BY}</th><!-- ENDIF -->
<th>{L_OPTIONS}</th>
<th>{L_ACTIONS}</th>
</tr>
</thead>
<tbody>
@ -523,15 +524,18 @@
</tr>
<!-- BEGIN installed -->
<tr>
<td><a href="{installed.U_EDIT}">{installed.NAME}</a><!-- IF installed.S_DEFAULT_STYLE --> *<!-- ENDIF --></td>
<td><strong>{installed.NAME}</strong></a><!-- IF installed.S_DEFAULT_STYLE --> *<!-- ENDIF --></td>
<!-- IF S_STYLE -->
<td style="text-align: center;">{installed.STYLE_COUNT}</td>
<!-- ENDIF -->
<td style="text-align: center;">
{installed.S_OPTIONS}
</td>
<td style="text-align: center;">
<!-- IF S_STYLE -->
<a href="{installed.U_STYLE_ACT_DEACT}">{installed.L_STYLE_ACT_DEACT}</a> |
<!-- ENDIF -->
{installed.S_OPTIONS}
{installed.S_ACTIONS}
<!-- IF S_STYLE -->
| <a href="{installed.U_PREVIEW}" onclick="this.target='_preview';">{L_PREVIEW}</a>
<!-- ENDIF -->
@ -548,7 +552,7 @@
<!-- BEGIN uninstalled -->
<tr>
<td<!-- IF S_STYLE --> colspan="2"<!-- ENDIF -->><b>{uninstalled.NAME}</b><br /><span>{L_COPYRIGHT}: {uninstalled.COPYRIGHT}</span></td>
<td style="text-align: center;"><a href="{uninstalled.U_INSTALL}">{L_INSTALL}</a></td>
<td style="text-align: center;" colspan="2"><a href="{uninstalled.U_INSTALL}">{L_INSTALL}</a></td>
</tr>
<!-- END uninstalled -->
</tbody>
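Review bot: What appears to be the new name cell of the installed-styles row, `<td><strong>{installed.NAME}</strong></a>`, still carries the closing `</a>` of the edit link it replaces, so every row emits an unmatched end tag. Dropping it gives `<td><strong>{installed.NAME}</strong><!-- IF installed.S_DEFAULT_STYLE --> *<!-- ENDIF --></td>`. Browsers recover from the stray tag, but the page no longer validates and real nesting errors in this table become harder to spot.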


@ -101,6 +101,10 @@
<dt><label>{L_LAST_ACTIVE}:</label></dt>
<dd><strong>{USER_LASTACTIVE}</strong></dd>
</dl>
<dl>
<dt><label>{L_POSTS}:</label></dt>
<dd><strong>{USER_POSTS}</strong></dd>
</dl>
<dl>
<dt><label for="user_founder">{L_FOUNDER}:</label><br /><span>{L_FOUNDER_EXPLAIN}</span></dt>
<dd><input type="radio" class="radio" name="user_founder" value="1"<!-- IF S_USER_FOUNDER --> id="user_founder" checked="checked"<!-- ENDIF --><!-- IF not S_FOUNDER --> disabled="disabled"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp; <input type="radio" class="radio" name="user_founder" value="0"<!-- IF not S_USER_FOUNDER --> id="user_founder" checked="checked"<!-- ENDIF --><!-- IF not S_FOUNDER --> disabled="disabled"<!-- ENDIF --> />&nbsp;{L_NO}&nbsp;</dd>
@ -134,11 +138,13 @@
<dt><label for="quicktools">{L_QUICK_TOOLS}:</label></dt>
<dd><select id="quicktools" name="action">{S_ACTION_OPTIONS}</select></dd>
</dl>
<dl>
<dt><label for="delete_user">{L_DELETE_USER}:</label><br /><span>{L_DELETE_USER_EXPLAIN}</span></dt>
<dd><input type="checkbox" class="radio" name="delete" value="1" /></dd>
<dd><select id="delete_user" name="delete_type"><option value="retain">{L_RETAIN_POSTS}</option><option value="remove">{L_DELETE_POSTS}</option></select></dd>
</dl>
<!-- IF not S_OWN_ACCOUNT -->
<dl>
<dt><label for="delete_user">{L_DELETE_USER}:</label><br /><span>{L_DELETE_USER_EXPLAIN}</span></dt>
<dd><input type="checkbox" class="radio" name="delete" value="1" /></dd>
<dd><select id="delete_user" name="delete_type"><option value="retain">{L_RETAIN_POSTS}</option><option value="remove">{L_DELETE_POSTS}</option></select></dd>
</dl>
<!-- ENDIF -->
<!-- ENDIF -->
</fieldset>
@ -340,7 +346,7 @@
</dl>
<dl>
<dt><label for="tz">{L_BOARD_TIMEZONE}:</label></dt>
<dd><select id="tz" name="tz">{S_TZ_OPTIONS}</select></dd>
<dd><select id="tz" name="tz" style="width: 100%;">{S_TZ_OPTIONS}</select></dd>
</dl>
<dl>
<dt><label for="dst">{L_BOARD_DST}:</label></dt>
@ -537,7 +543,7 @@
// Define the bbCode tags
bbcode = new Array();
bbtags = new Array('[b]','[/b]','[i]','[/i]','[u]','[/u]','[quote]','[/quote]','[code]','[/code]','[list]','[/list]','[list=]','[/list]','[img]','[/img]','[url]','[/url]');
bbtags = new Array('[b]','[/b]','[i]','[/i]','[u]','[/u]','[quote]','[/quote]','[code]','[/code]','[list]','[/list]','[list=]','[/list]','[img]','[/img]','[url]','[/url]','[flash=]', '[/flash]','[size=]','[/size]'<!-- BEGIN custom_tags -->, {custom_tags.BBCODE_NAME}<!-- END custom_tags -->);
imageTag = false;
// Helpline messages
@ -554,6 +560,8 @@
s_help = "{LA_BBCODE_S_HELP}";
f_help = "{LA_BBCODE_F_HELP}";
e_help = "{LA_BBCODE_E_HELP}";
d_help = "{LA_BBCODE_D_HELP}";
<!-- BEGIN custom_tags -->cb_{custom_tags.BBCODE_ID}_help = "{custom_tags.BBCODE_HELPLINE}";<!-- END custom_tags -->
//-->
</script>
@ -572,15 +580,17 @@
<legend>{L_SIGNATURE}</legend>
<p>{L_SIGNATURE_EXPLAIN}</p>
<div id="format-buttons">
<input class="button2" type="button" accesskey="b" name="addbbcode0" value=" B " style="font-weight:bold; width: 30px" onclick="bbstyle(0)" onmouseover="helpline('b')" />
<input class="button2" type="button" accesskey="i" name="addbbcode2" value=" i " style="font-style:italic; width: 30px" onclick="bbstyle(2)" onmouseover="helpline('i')" />
<input class="button2" type="button" accesskey="u" name="addbbcode4" value=" u " style="text-decoration: underline; width: 30px" onclick="bbstyle(4)" onmouseover="helpline('u')" />
<input class="button2" type="button" accesskey="q" name="addbbcode6" value="Quote" style="width: 50px" onclick="bbstyle(6)" onmouseover="helpline('q')" />
<input class="button2" type="button" accesskey="c" name="addbbcode8" value="Code" style="width: 40px" onclick="bbstyle(8)" onmouseover="helpline('c')" />
<input class="button2" type="button" accesskey="l" name="addbbcode10" value="List" style="width: 40px" onclick="bbstyle(10)" onmouseover="helpline('l')" />
<input class="button2" type="button" accesskey="o" name="addbbcode12" value="List=" style="width: 40px" onclick="bbstyle(12)" onmouseover="helpline('o')" />
<input class="button2" type="button" accesskey="p" name="addbbcode14" value="Img" style="width: 40px" onclick="bbstyle(14)" onmouseover="helpline('p')" />
<input class="button2" type="button" accesskey="w" name="addbbcode16" value="URL" style="text-decoration: underline; width: 40px" onclick="bbstyle(16)" onmouseover="helpline('w')" />
<input type="button" class="button2" accesskey="b" name="addbbcode0" value=" B " style="font-weight:bold; width: 30px;" onclick="bbstyle(0)" onmouseover="helpline('b')" />
<input type="button" class="button2" accesskey="i" name="addbbcode2" value=" i " style="font-style:italic; width: 30px;" onclick="bbstyle(2)" onmouseover="helpline('i')" />
<input type="button" class="button2" accesskey="u" name="addbbcode4" value=" u " style="text-decoration: underline; width: 30px;" onclick="bbstyle(4)" onmouseover="helpline('u')" />
<input type="button" class="button2" accesskey="q" name="addbbcode6" value="Quote" style="width: 50px" onclick="bbstyle(6)" onmouseover="helpline('q')" />
<input type="button" class="button2" accesskey="c" name="addbbcode8" value="Code" style="width: 40px" onclick="bbstyle(8)" onmouseover="helpline('c')" />
<input type="button" class="button2" accesskey="l" name="addbbcode10" value="List" style="width: 40px" onclick="bbstyle(10)" onmouseover="helpline('l')" />
<input type="button" class="button2" accesskey="o" name="addbbcode12" value="List=" style="width: 40px" onclick="bbstyle(12)" onmouseover="helpline('o')" />
<!-- IF S_BBCODE_IMG --><input type="button" class="button2" accesskey="p" name="addbbcode14" value="Img" style="width: 40px" onclick="bbstyle(14)" onmouseover="helpline('p')" /><!-- ENDIF -->
<input type="button" class="button2" accesskey="w" name="addbbcode16" value="URL" style="text-decoration: underline; width: 40px" onclick="bbstyle(16)" onmouseover="helpline('w')" onmouseover="helpline('d')" />
<!-- IF S_BBCODE_FLASH --><input type="button" class="button2" accesskey="d" name="addbbcode18" value="Flash" onclick="bbstyle(18)" onmouseover="helpline('d')" /><!-- ENDIF -->
{L_FONT_SIZE}: <select name="addbbcode20" onchange="bbfontstyle('[size=' + this.form.addbbcode20.options[this.form.addbbcode20.selectedIndex].value + ']', '[/size]');this.form.addbbcode20.selectedIndex = 2;" onmouseover="helpline('f')">
<option value="7">{L_FONT_TINY}</option>
<option value="9">{L_FONT_SMALL}</option>
@ -589,6 +599,13 @@
<option value="24">{L_FONT_HUGE}</option>
</select>
<a href="javascript:bbstyle(-1)" onmouseover="helpline('a')">{L_CLOSE_TAGS}</a>
<!-- IF .custom_tags -->
<br /><br />
<!-- BEGIN custom_tags -->
<input type="button" class="button2" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})"<!-- IF custom_tags.BBCODE_HELPLINE !== '' --> onmouseover="helpline('cb_{custom_tags.BBCODE_ID}')"<!-- ENDIF --> />
<!-- END custom_tags -->
<!-- ENDIF -->
</div>
<p><input type="text" name="helpbox" value="{L_STYLES_TIP}" class="full" style="border: 0; background: none;" /></p>
<dl>
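Review bot: The custom BBCode values go straight into the inline script: `{custom_tags.BBCODE_NAME}` is emitted unquoted inside the `bbtags` array and `{custom_tags.BBCODE_HELPLINE}` sits inside a double-quoted JavaScript string, while every other help text in that block uses an `LA_`-prefixed variable. If the PHP side (not visible here) does not already escape quotes, backslashes and `</script>` for a JavaScript context, a helpline containing `"` breaks the script, and stored text could run as code in the administrator's session. I would assign pre-escaped values for both variables and say so next to the loop, e.g. `// custom_tags.* values must arrive JavaScript-escaped from the caller`. The URL button in the same section also ends up with two `onmouseover` attributes (`helpline('w')` and `helpline('d')`); only one can take effect, so the second should go.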


@ -38,6 +38,15 @@
<p>{L_ACP_WORDS_EXPLAIN}</p>
<form id="acp_words" method="post" action="{U_ACTION}">
<fieldset class="quick">
{S_HIDDEN_FIELDS}
<input class="button2" name="add" type="submit" value="{L_ADD_WORD}" />
</fieldset>
</form>
<table cellspacing="1">
<thead>
<tr>
@ -58,15 +67,6 @@
</tbody>
</table>
<form id="acp_words" method="post" action="{U_ACTION}">
<fieldset class="quick">
{S_HIDDEN_FIELDS}
<input class="button2" name="add" type="submit" value="{L_ADD_WORD}" />
</fieldset>
</form>
<!-- ENDIF -->
<!-- INCLUDE overall_footer.html -->


@ -851,12 +851,12 @@ table.pmask td.name {
background-color: #40C53D;
}
.permissions td.no {
.permissions td.never {
width: 20px;
background-color: #EC7181;
}
.permissions td.unset {
.permissions td.no {
width: 20px;
background-color: transparent;
}
@ -889,11 +889,11 @@ table.pmask td.name {
background: #DAE4EC url("../images/bg_hash2.gif") repeat;
}
.preset_no {
.preset_never {
background: #ECD7DA url("../images/bg_hash3.gif") repeat;
}
.preset_unset {
.preset_no {
background: #ECD7DA url("../images/bg_hash4.gif") repeat;
}


@ -16,6 +16,14 @@
<div id="wrap">
<div id="page-header">
<h1>{L_INSTALL_PANEL}</h1>
<!-- IF S_LANG_SELECT -->
<br />
<form method="post">
<label for="language">{L_SELECT_LANG}:</label>
{S_LANG_SELECT}
<input class="button1" type="submit" id="change_lang" name="change_lang" value="{L_CHANGE}" />
</form>
<!-- ENDIF -->
</div>
<div id="page-body">


@ -19,6 +19,7 @@
<div id="page-footer">
<!-- IF S_COPYRIGHT_HTML -->
Powered by phpBB {VERSION} &copy; 2006 <a href="http://www.phpbb.com/">phpBB Group</a>
{L_TRANSLATION_INFO}
<!-- ENDIF -->
<!-- IF DEBUG_OUTPUT -->


@ -115,7 +115,7 @@
return;
}
// Mark all options to unset first...
// Mark all options to no (unset) first...
mark_options(target_id, 'u');
for (var r in settings)
@ -179,10 +179,10 @@
<!-- BEGIN category -->
<!-- IF p_mask.f_mask.category.S_YES -->
<td class="preset preset_yes">
<!-- ELSEIF p_mask.f_mask.category.S_NEVER -->
<td class="preset preset_never">
<!-- ELSEIF p_mask.f_mask.category.S_NO -->
<td class="preset preset_no">
<!-- ELSEIF p_mask.f_mask.category.S_UNSET -->
<td class="preset preset_unset">
<!-- ELSE -->
<td class="preset preset_custom">
<!-- ENDIF -->
@ -200,8 +200,8 @@
<div style="float: right; text-align: right; width: 35%;">
<p class="small">
[<a href="javascript: mark_options('a_options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}', 'y'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ALL_YES}</a>]<br />
[<a href="javascript: mark_options('a_options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}', 'n'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ALL_NO}</a>]<br />
[<a href="javascript: mark_options('a_options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}', 'u'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ALL_UNSET}</a>]
[<a href="javascript: mark_options('a_options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}', 'n'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ALL_NEVER}</a>]<br />
[<a href="javascript: mark_options('a_options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}', 'u'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ALL_NO}</a>]
</p>
</div>
<!-- ELSE -->
@ -218,11 +218,11 @@
<th scope="col" style="text-align: left; padding-left: 0;"><strong>{L_ACL_SETTING} [{p_mask.f_mask.category.CAT_NAME}]</strong></th>
<!-- IF p_mask.S_VIEW -->
<th scope="col">{L_ACL_YES}</th>
<th scope="col">{L_ACL_NO}</th>
<th scope="col">{L_ACL_NEVER}</th>
<!-- ELSE -->
<th scope="col"><a href="javascript: mark_options('options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}{p_mask.f_mask.category.S_ROW_COUNT}', 'y'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ACL_YES}</a></th>
<th scope="col"><a href="javascript: mark_options('options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}{p_mask.f_mask.category.S_ROW_COUNT}', 'u'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ACL_UNSET}</a></th>
<th scope="col"><a href="javascript: mark_options('options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}{p_mask.f_mask.category.S_ROW_COUNT}', 'n'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ACL_NO}</a></th>
<th scope="col"><a href="javascript: mark_options('options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}{p_mask.f_mask.category.S_ROW_COUNT}', 'u'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ACL_NO}</a></th>
<th scope="col"><a href="javascript: mark_options('options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}{p_mask.f_mask.category.S_ROW_COUNT}', 'n'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ACL_NEVER}</a></th>
<!-- ENDIF -->
</tr>
</thead>
@ -231,12 +231,12 @@
<!-- IF p_mask.f_mask.category.mask.S_ROW_COUNT is even --><tr class="row4"><!-- ELSE --><tr class="row3"><!-- ENDIF -->
<th><!-- IF p_mask.f_mask.category.mask.U_TRACE --><a href="#" onclick="javascript:trace('{p_mask.f_mask.category.mask.U_TRACE}')" title="{L_TRACE_SETTING}"><img src="images/icon_trace.gif" alt="{L_TRACE_SETTING}" /></a> <!-- ENDIF -->{p_mask.f_mask.category.mask.PERMISSION}</th>
<!-- IF p_mask.S_VIEW -->
<td<!-- IF p_mask.f_mask.category.mask.S_YES --> class="yes"<!-- ELSE --> class="unset"<!-- ENDIF -->>&nbsp;</td>
<td<!-- IF p_mask.f_mask.category.mask.S_NO --> class="no"<!-- ELSE --> class="unset"<!-- ENDIF -->>&nbsp;</td>
<td<!-- IF p_mask.f_mask.category.mask.S_YES --> class="yes"<!-- ELSE --> class="no"<!-- ENDIF -->>&nbsp;</td>
<td<!-- IF p_mask.f_mask.category.mask.S_NEVER --> class="never"<!-- ELSE --> class="no"<!-- ENDIF -->>&nbsp;</td>
<!-- ELSE -->
<td class="unset"><input onchange="reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}')" id="{p_mask.f_mask.category.mask.S_FIELD_NAME}_y" name="{p_mask.f_mask.category.mask.S_FIELD_NAME}" class="radio" type="radio"<!-- IF p_mask.f_mask.category.mask.S_YES --> checked="checked"<!-- ENDIF --> value="1" /></td>
<td class="unset"><input onchange="reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}')" id="{p_mask.f_mask.category.mask.S_FIELD_NAME}_u" name="{p_mask.f_mask.category.mask.S_FIELD_NAME}" class="radio" type="radio"<!-- IF p_mask.f_mask.category.mask.S_UNSET --> checked="checked"<!-- ENDIF --> value="-1" /></td>
<td class="unset"><input onchange="reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}')" id="{p_mask.f_mask.category.mask.S_FIELD_NAME}_n" name="{p_mask.f_mask.category.mask.S_FIELD_NAME}" class="radio" type="radio"<!-- IF p_mask.f_mask.category.mask.S_NO --> checked="checked"<!-- ENDIF --> value="0" /></td>
<td class="no"><input onchange="reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}')" id="{p_mask.f_mask.category.mask.S_FIELD_NAME}_y" name="{p_mask.f_mask.category.mask.S_FIELD_NAME}" class="radio" type="radio"<!-- IF p_mask.f_mask.category.mask.S_YES --> checked="checked"<!-- ENDIF --> value="1" /></td>
<td class="no"><input onchange="reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}')" id="{p_mask.f_mask.category.mask.S_FIELD_NAME}_u" name="{p_mask.f_mask.category.mask.S_FIELD_NAME}" class="radio" type="radio"<!-- IF p_mask.f_mask.category.mask.S_NO --> checked="checked"<!-- ENDIF --> value="-1" /></td>
<td class="no"><input onchange="reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}')" id="{p_mask.f_mask.category.mask.S_FIELD_NAME}_n" name="{p_mask.f_mask.category.mask.S_FIELD_NAME}" class="radio" type="radio"<!-- IF p_mask.f_mask.category.mask.S_NEVER --> checked="checked"<!-- ENDIF --> value="0" /></td>
<!-- ENDIF -->
</tr>
<!-- END mask -->
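Review bot: After the rename the single-letter codes no longer match the labels beside them: `mark_options(…, 'n')` and the `_n` radio (value `0`) are now labelled Never, while `'u'` and the `_u` radio (value `-1`) are labelled No. In a permission editor that mismatch is easy to misread when someone later changes the script or the handler that receives these values. A short comment above the radio cells would pin the mapping, e.g. `<!-- radio values: 1 = Yes, -1 = No (was Unset, suffix _u), 0 = Never (was No, suffix _n) -->`. The script that defines `mark_options` starts outside these hunks, so whether it needs the same note cannot be checked from here.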


@ -22,20 +22,20 @@
<!-- IF trace.S_ROW_COUNT is even --><tr class="row4"><!-- ELSE --><tr class="row3"><!-- ENDIF -->
<td style="white-space: nowrap;"><strong>{trace.WHO}</strong></td>
<!-- IF trace.S_SETTING_NO -->
<td class="no">{L_ACL_NO}</td>
<!-- IF trace.S_SETTING_NEVER -->
<td class="never">{L_ACL_NEVER}</td>
<!-- ELSEIF trace.S_SETTING_YES -->
<td class="yes">{L_ACL_YES}</td>
<!-- ELSE -->
<td class="unset">{L_ACL_UNSET}</td>
<td class="no">{L_ACL_NO}</td>
<!-- ENDIF -->
<!-- IF trace.S_TOTAL_NO -->
<td class="no">{L_ACL_NO}</td>
<!-- IF trace.S_TOTAL_NEVER -->
<td class="never">{L_ACL_NEVER}</td>
<!-- ELSEIF trace.S_TOTAL_YES -->
<td class="yes">{L_ACL_YES}</td>
<!-- ELSE -->
<td class="unset">{L_ACL_UNSET}</td>
<td class="no">{L_ACL_NO}</td>
<!-- ENDIF -->
<td>{trace.INFORMATION}</td>


@ -17,6 +17,7 @@
<!-- IF S_COPYRIGHT_HTML -->
<br />Powered by phpBB {VERSION} &copy; 2006 <a href="http://www.phpbb.com/">phpBB Group</a>
{TRANSLATION_INFO}
<!-- ENDIF -->
<!-- IF DEBUG_OUTPUT -->


@ -36,13 +36,6 @@ $template->assign_vars(array(
$template->display('body');
// Unload cache, must be done before the DB connection if closed
if (!empty($cache))
{
$cache->unload();
}
// Close our DB connection.
$db->sql_close();
garbage_collection();
?>


@ -104,14 +104,40 @@ if (defined('IN_CRON'))
if (!file_exists($phpbb_root_path . 'config.' . $phpEx))
{
die("<p>The config.$phpEx file could not be found.</p><p><a href=\"$phpbb_root_path/install/index.$phpEx\">Click here to install phpBB</a></p>");
die("<p>The config.$phpEx file could not be found.</p><p><a href=\"{$phpbb_root_path}install/index.$phpEx\">Click here to install phpBB</a></p>");
}
require($phpbb_root_path . 'config.' . $phpEx);
if (!defined('PHPBB_INSTALLED'))
{
header('Location: install/index.' . $phpEx);
// Redirect the user to the installer
// We have to generate a full HTTP/1.1 header here since we can't guarantee to have any of the information
// available as used by the redirect function
$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
$secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0;
$script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF');
if (!$script_name)
{
$script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI');
}
// Replace any number of consecutive backslashes and/or slashes with a single slash
// (could happen on some proxy setups and/or Windows servers)
$script_path = trim(dirname($script_name)) . '/install/index.' . $phpEx;
$script_path = preg_replace('#[\\\\/]{2,}#', '/', $script_path);
$url = (($secure) ? 'https://' : 'http://') . $server_name;
if ($server_port && (($secure && $server_port <> 443) || (!$secure && $server_port <> 80)))
{
$url .= ':' . $server_port;
}
$url .= $script_path;
header('Location: ' . $url);
exit;
}
@ -165,10 +191,11 @@ unset($dbpasswd);
$config = $cache->obtain_config();
$dss_seeded = false;
// Warn about install/ directory
if (file_exists($phpbb_root_path . 'install'))
// Disable board if the install/ directory is still present
if (file_exists($phpbb_root_path . 'install') && !defined('ADMIN_START'))
{
trigger_error('REMOVE_INSTALL');
$message = (!empty($config['board_disable_msg'])) ? $config['board_disable_msg'] : 'BOARD_DISABLE';
trigger_error($message);
}
?>
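Review bot: The installer redirect builds an absolute `Location:` URL from `SERVER_NAME`, `SERVER_PORT`, `PHP_SELF` and `REQUEST_URI`, and none of them is checked before `header('Location: ' . $url)`. Depending on the web server configuration `SERVER_NAME` can reflect the client's `Host` header, and `PHP_SELF`/`REQUEST_URI` carry client-chosen path info and query text, so a request to a not-yet-installed board may be answered with a redirect whose host or path the client influenced. When falling back to `REQUEST_URI`, cut the query string before `dirname()`, e.g. `$script_name = preg_replace('#\?.*$#', '', $script_name);`, and add a comment that the host part is only as trustworthy as the server's canonical-name setting. The test `$_SERVER['HTTPS'] == 'on'` is also an exact string match and may pick `http://` on servers that report the flag with a different value.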


@ -33,9 +33,9 @@ require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.'.$phpEx);
require($phpbb_root_path . 'includes/db/' . $dbms . '.'.$phpEx);
include($phpbb_root_path . 'includes/functions.'.$phpEx);
define('ACL_NO', 0);
define('ACL_NEVER', 0);
define('ACL_YES', 1);
define('ACL_UNSET', -1);
define('ACL_NO', -1);
define('ACL_GROUPS_TABLE', $table_prefix.'acl_groups');
define('ACL_OPTIONS_TABLE', $table_prefix.'acl_options');
@ -212,14 +212,14 @@ foreach ($prefixes as $prefix)
echo "<p><b>Adding $auth_option...</b></p>\n";
mass_auth('group', 0, 'guests', $auth_option, ACL_NO);
mass_auth('group', 0, 'inactive', $auth_option, ACL_NO);
mass_auth('group', 0, 'inactive_coppa', $auth_option, ACL_NO);
mass_auth('group', 0, 'registered_coppa', $auth_option, ACL_NO);
mass_auth('group', 0, 'registered', $auth_option, (($prefix != 'm_' && $prefix != 'a_') ? ACL_YES : ACL_NO));
mass_auth('group', 0, 'global_moderators', $auth_option, (($prefix != 'a_') ? ACL_YES : ACL_NO));
mass_auth('group', 0, 'guests', $auth_option, ACL_NEVER);
mass_auth('group', 0, 'inactive', $auth_option, ACL_NEVER);
mass_auth('group', 0, 'inactive_coppa', $auth_option, ACL_NEVER);
mass_auth('group', 0, 'registered_coppa', $auth_option, ACL_NEVER);
mass_auth('group', 0, 'registered', $auth_option, (($prefix != 'm_' && $prefix != 'a_') ? ACL_YES : ACL_NEVER));
mass_auth('group', 0, 'global_moderators', $auth_option, (($prefix != 'a_') ? ACL_YES : ACL_NEVER));
mass_auth('group', 0, 'administrators', $auth_option, ACL_YES);
mass_auth('group', 0, 'bots', $auth_option, (($prefix != 'm_' && $prefix != 'a_') ? ACL_YES : ACL_NO));
mass_auth('group', 0, 'bots', $auth_option, (($prefix != 'm_' && $prefix != 'a_') ? ACL_YES : ACL_NEVER));
}
}
}
@ -236,7 +236,7 @@ echo "<p><b>Done</b></p>\n";
$forum_id = forum ids (array|int|0) -> 0 == all forums
$ug_id = [int] user_id|group_id : [string] usergroup name
$acl_list = [string] acl entry : [array] acl entries
$setting = ACL_YES|ACL_NO|ACL_UNSET
$setting = ACL_YES|ACL_NEVER|ACL_NO
*/
function mass_auth($ug_type, $forum_id, $ug_id, $acl_list, $setting)
{
@ -337,7 +337,7 @@ function mass_auth($ug_type, $forum_id, $ug_id, $acl_list, $setting)
switch ($setting)
{
case ACL_UNSET:
case ACL_NO:
if (isset($cur_auth[$forum][$auth_option_id]))
{
$sql_ary['delete'][] = "DELETE FROM $table
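Review bot: `ACL_NO` keeps its name but changes value from `0` to `-1`, and `0` becomes `ACL_NEVER`, so any caller that was not converted in this commit silently changes meaning. In `mass_auth()` the `case ACL_NO:` branch is the one that queues the `DELETE`, so a leftover `mass_auth(…, ACL_NO)` written with the old meaning would remove the entry instead of recording a denial. The calls visible in this section were all moved to `ACL_NEVER`; code outside the shown hunks cannot be checked from here. A comment at the defines would make the swap explicit, e.g. `// ACL_NEVER (0) was ACL_NO; ACL_NO (-1) was ACL_UNSET`. The body of `mass_auth()` continues outside the hunk.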

File diff suppressed because it is too large Load diff


@ -0,0 +1,559 @@
<?php
/**
*
* @package phpBB3
* @version $Id$
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
if (php_sapi_name() != 'cli')
{
die("This program must be run from the command line.\n");
}
set_time_limit(0);
define('IN_PHPBB', true);
$phpbb_root_path = '../';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
echo "Checking for required files\n";
download('http://www.unicode.org/Public/UNIDATA/CompositionExclusions.txt');
download('http://www.unicode.org/Public/UNIDATA/DerivedNormalizationProps.txt');
download('http://www.unicode.org/Public/UNIDATA/UnicodeData.txt');
echo "\n";
require_once($phpbb_root_path . 'includes/utf/utf_normalizer.' . $phpEx);
$file_contents = array();
/**
* Generate some Hangul/Jamo stuff
*/
echo "\nGenerating Hangul and Jamo tables\n";
for ($i = 0; $i < UNICODE_HANGUL_LCOUNT; ++$i)
{
$utf_char = cp_to_utf(UNICODE_HANGUL_LBASE + $i);
$file_contents['utf_normalizer_common']['utf_jamo_index'][$utf_char] = $i * UNICODE_HANGUL_VCOUNT * UNICODE_HANGUL_TCOUNT + UNICODE_HANGUL_SBASE;
$file_contents['utf_normalizer_common']['utf_jamo_type'][$utf_char] = UNICODE_JAMO_L;
}
for ($i = 0; $i < UNICODE_HANGUL_VCOUNT; ++$i)
{
$utf_char = cp_to_utf(UNICODE_HANGUL_VBASE + $i);
$file_contents['utf_normalizer_common']['utf_jamo_index'][$utf_char] = $i * UNICODE_HANGUL_TCOUNT;
$file_contents['utf_normalizer_common']['utf_jamo_type'][$utf_char] = UNICODE_JAMO_V;
}
for ($i = 0; $i < UNICODE_HANGUL_TCOUNT; ++$i)
{
$utf_char = cp_to_utf(UNICODE_HANGUL_TBASE + $i);
$file_contents['utf_normalizer_common']['utf_jamo_index'][$utf_char] = $i;
$file_contents['utf_normalizer_common']['utf_jamo_type'][$utf_char] = UNICODE_JAMO_T;
}
/**
* Load the CompositionExclusions table
*/
echo "Loading CompositionExclusion\n";
$fp = fopen('CompositionExclusions.txt', 'rt');
$exclude = array();
while (!feof($fp))
{
$line = fgets($fp, 1024);
if (!strpos(' 0123456789ABCDEFabcdef', $line[0]))
{
continue;
}
$cp = strtok($line, ' ');
if ($pos = strpos($cp, '..'))
{
$start = hexdec(substr($cp, 0, $pos));
$end = hexdec(substr($cp, $pos + 2));
for ($i = $start; $i < $end; ++$i)
{
$exclude[$i] = 1;
}
}
else
{
$exclude[hexdec($cp)] = 1;
}
}
fclose($fp);
/**
* Load QuickCheck tables
*/
echo "Generating QuickCheck tables\n";
$fp = fopen('DerivedNormalizationProps.txt', 'rt');
while (!feof($fp))
{
$line = fgets($fp, 1024);
if (!strpos(' 0123456789ABCDEFabcdef', $line[0]))
{
continue;
}
$p = array_map('trim', explode(';', strtok($line, '#')));
/**
* Capture only NFC_QC, NFKC_QC
*/
if (!preg_match('#^NFK?C_QC$#', $p[1]))
{
continue;
}
if ($pos = strpos($p[0], '..'))
{
$start = hexdec(substr($p[0], 0, $pos));
$end = hexdec(substr($p[0], $pos + 2));
}
else
{
$start = $end = hexdec($p[0]);
}
if ($start >= UTF8_HANGUL_FIRST && $end <= UTF8_HANGUL_LAST)
{
/**
* We do not store Hangul syllables in the array
*/
continue;
}
if ($p[2] == 'M')
{
$val = UNICODE_QC_MAYBE;
}
else
{
$val = UNICODE_QC_NO;
}
if ($p[1] == 'NFKC_QC')
{
$file = 'utf_nfkc_qc';
}
else
{
$file = 'utf_nfc_qc';
}
for ($i = $start; $i <= $end; ++$i)
{
/**
* The vars have the same name as the file: $utf_nfc_qc is in utf_nfc_qc.php
*/
$file_contents[$file][$file][cp_to_utf($i)] = $val;
}
}
fclose($fp);
/**
* Do mappings
*/
echo "Loading Unicode decomposition mappings\n";
$fp = fopen($phpbb_root_path . 'develop/UnicodeData.txt', 'rt');
$map = array();
while (!feof($fp))
{
$p = explode(';', fgets($fp, 1024));
$cp = hexdec($p[0]);
if (!empty($p[3]))
{
/**
* Store combining class > 0
*/
$file_contents['utf_normalizer_common']['utf_combining_class'][cp_to_utf($cp)] = (int) $p[3];
}
if (!isset($p[5]) || !preg_match_all('#[0-9A-F]+#', strip_tags($p[5]), $m))
{
continue;
}
if (strpos($p[5], '>'))
{
$map['NFKD'][$cp] = implode(' ', array_map('hexdec', $m[0]));
}
else
{
$map['NFD'][$cp] = $map['NFKD'][$cp] = implode(' ', array_map('hexdec', $m[0]));
}
}
fclose($fp);
/**
* Build the canonical composition table
*/
echo "Generating the Canonical Composition table\n";
foreach ($map['NFD'] as $cp => $decomp_seq)
{
if (!strpos($decomp_seq, ' ') || isset($exclude[$cp]))
{
/**
* Singletons are excluded from canonical composition
*/
continue;
}
$utf_seq = implode('', array_map('cp_to_utf', explode(' ', $decomp_seq)));
if (!isset($file_contents['utf_canonical_comp']['utf_canonical_comp'][$utf_seq]))
{
$file_contents['utf_canonical_comp']['utf_canonical_comp'][$utf_seq] = cp_to_utf($cp);
}
}
/**
* Decompose the NF[K]D mappings recursively and prepare the file contents
*/
echo "Generating the Canonical and Compatibility Decomposition tables\n\n";
foreach ($map as $type => $decomp_map)
{
foreach ($decomp_map as $cp => $decomp_seq)
{
$decomp_map[$cp] = decompose($decomp_map, $decomp_seq);
}
unset($decomp_seq);
if ($type == 'NFKD')
{
$file = 'utf_compatibility_decomp';
$var = 'utf_compatibility_decomp';
}
else
{
$file = 'utf_canonical_decomp';
$var = 'utf_canonical_decomp';
}
/**
* Generate the corresponding file
*/
foreach ($decomp_map as $cp => $decomp_seq)
{
$file_contents[$file][$var][cp_to_utf($cp)] = implode('', array_map('cp_to_utf', explode(' ', $decomp_seq)));
}
}
/**
* Generate and/or alter the files
*/
foreach ($file_contents as $file => $contents)
{
/**
* Generate a new file
*/
echo "Writing to $file.$phpEx\n";
if (!$fp = fopen($phpbb_root_path . 'includes/utf/data/' . $file . '.' . $phpEx, 'wb'))
{
trigger_error('Cannot open ' . $file . ' for write');
}
fwrite($fp, '<?php');
foreach ($contents as $var => $val)
{
fwrite($fp, "\n\$GLOBALS[" . my_var_export($var) . ']=' . my_var_export($val) . ";");
}
fclose($fp);
}
echo "\n*** UTF-8 normalization tables done\n\n";
/**
* Now we'll generate the files needed by the search indexer
*/
echo "Generating search indexer tables\n";
$fp = fopen($phpbb_root_path . 'develop/UnicodeData.txt', 'rt');
$map = array();
while ($line = fgets($fp, 1024))
{
/**
* The current line is split, $m[0] hold the codepoint in hexadecimal and
* all other fields numbered as in http://www.unicode.org/Public/UNIDATA/UCD.html#UnicodeData.txt
*/
$m = explode(';', $line);
/**
* @var integer $cp Current char codepoint
* @var string $utf_char UTF-8 representation of current char
*/
$cp = hexdec($m[0]);
$utf_char = cp_to_utf($cp);
/**
* $m[2] holds the "General Category" of the character
* @link http://www.unicode.org/Public/UNIDATA/UCD.html#General_Category_Values
*/
switch ($m[2][0])
{
case 'L':
/**
* We allow all letters and map them to their lowercased counterpart on the fly
*/
$map_to_hex = (isset($m[13][0])) ? $m[13] : $m[0];
if (preg_match('#^LATIN.*(?:LETTER|LIGATURE) ([A-Z]{2}(?![A-Z]))$#', $m[1], $capture))
{
/**
* Special hack for some latin ligatures. Using the name of a character
* is bad practice, but for now it works well enough.
*
* @todo Note that ligatures with combining marks such as U+01E2 are
* not supported at this time
*/
$map[$cp] = strtolower($capture[1]);
}
elseif (isset($m[13][0]))
{
/**
* If the letter has a lowercased form, use it
*/
$map[$cp] = hex_to_utf($m[13]);
}
else
{
/**
* In all other cases, map the letter to itself
*/
$map[$cp] = $utf_char;
}
break;
case 'M':
/**
* We allow all marks, they are mapped to themselves
*/
$map[$cp] = $utf_char;
break;
case 'N':
/**
* We allow all numbers, but we map them to their numeric value whenever
* possible. The numeric value (field #8) is in ASCII already
*
* @todo Note that fractions such as U+00BD will be converted to something
* like "1/2", with a slash. However, "1/2" entered in ASCII is converted
* to "1 2". This will have to be fixed.
*/
$map[$cp] = (isset($m[8][0])) ? $m[8] : $utf_char;
break;
default:
/**
* Everything else is ignored, skip to the next line
*/
continue 2;
}
}
fclose($fp);
/**
* Add some cheating
*/
$cheats = array(
'00DF' => 'ss', # German sharp S
'00D6' => 'oe', # Capital O with diaeresis
'00F6' => 'oe', # Small O with diaeresis
);
/**
* Add our "cheat replacements" to the map
*/
foreach ($cheats as $hex => $map_to)
{
$map[hexdec($hex)] = $map_to;
}
/**
* Split the map into smaller blocks
*/
$file_contents = array();
foreach ($map as $cp => $map_to)
{
$file_contents[$cp >> 11][cp_to_utf($cp)] = $map_to;
}
unset($map);
foreach ($file_contents as $idx => $contents)
{
echo "Writing to search_indexer_$idx.$phpEx\n";
$fp = fopen($phpbb_root_path . 'includes/utf/data/search_indexer_' . $idx . '.' . $phpEx, 'wb');
fwrite($fp, '<?php return ' . my_var_export($contents) . ';');
fclose($fp);
}
echo "\n*** Search indexer tables done\n\n";
die("\nAll done!\n");
////////////////////////////////////////////////////////////////////////////////
// Internal functions //
////////////////////////////////////////////////////////////////////////////////
/**
* Decompose a sequence recusively
*
* @param array $decomp_map Decomposition mapping, passed by reference
* @param string $decomp_seq Decomposition sequence as decimal codepoints separated with a space
* @return string Decomposition sequence, fully decomposed
*/
function decompose(&$decomp_map, $decomp_seq)
{
$ret = array();
foreach (explode(' ', $decomp_seq) as $cp)
{
if (isset($decomp_map[$cp]))
{
$ret[] = decompose($decomp_map, $decomp_map[$cp]);
}
else
{
$ret[] = $cp;
}
}
return implode(' ', $ret);
}
/**
* Return a parsable string representation of a variable
*
* This is function is limited to array/strings/integers
*
* @param mixed $var Variable
* @return string PHP code representing the variable
*/
function my_var_export($var)
{
if (is_array($var))
{
$lines = array();
foreach ($var as $k => $v)
{
$lines[] = my_var_export($k) . '=>' . my_var_export($v);
}
return 'array(' . implode(',', $lines) . ')';
}
elseif (is_string($var))
{
return "'" . str_replace(array('\\', "'"), array('\\\\', "\\'"), $var) . "'";
}
else
{
return $var;
}
}
/**
* Download a file to the develop/ dir
*
* @param string $url URL of the file to download
* @return void
*/
function download($url)
{
global $phpbb_root_path;
if (file_exists($phpbb_root_path . 'develop/' . basename($url)))
{
return;
}
echo 'Downloading from ', $url, ' ';
if (!$fpr = fopen($url, 'rb'))
{
die("Can't download from $url\nPlease download it yourself and put it in the develop/ dir, kthxbai");
}
if (!$fpw = fopen($phpbb_root_path . 'develop/' . basename($url), 'wb'))
{
die("Can't open develop/" . basename($url) . " for output... please check your permissions or something");
}
$i = 0;
$chunk = 32768;
$done = '';
while (!feof($fpr))
{
$i += fwrite($fpw, fread($fpr, $chunk));
echo str_repeat("\x08", strlen($done));
$done = ($i >> 10) . ' KiB';
echo $done;
}
fclose($fpr);
fclose($fpw);
echo "\n";
}
/**
* Convert a codepoint in hexadecimal to a UTF-8 char
*
* @param string $hex Codepoint, in hexadecimal
* @return string UTF-8 char
*/
function hex_to_utf($hex)
{
return cp_to_utf(hexdec($hex));
}
/**
* Return a UTF string formed from a sequence of codepoints in hexadecimal
*
* @param string $seq Sequence of codepoints, separated with a space
* @return string UTF-8 string
*/
function hexseq_to_utf($seq)
{
return implode('', array_map('hex_to_utf', explode(' ', $seq)));
}
/**
* Convert a codepoint to a UTF-8 char
*
* @param integer $cp Unicode codepoint
* @return string UTF-8 string
*/
function cp_to_utf($cp)
{
if ($cp > 0xFFFF)
{
return chr(0xF0 | ($cp >> 18)) . chr(0x80 | (($cp >> 12) & 0x3F)) . chr(0x80 | (($cp >> 6) & 0x3F)) . chr(0x80 | ($cp & 0x3F));
}
elseif ($cp > 0x7FF)
{
return chr(0xE0 | ($cp >> 12)) . chr(0x80 | (($cp >> 6) & 0x3F)) . chr(0x80 | ($cp & 0x3F));
}
elseif ($cp > 0x7F)
{
return chr(0xC0 | ($cp >> 6)) . chr(0x80 | ($cp & 0x3F));
}
else
{
return chr($cp);
}
}


@ -0,0 +1,380 @@
<?php
/**
*
* @package phpBB3
* @version $Id$
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
if (php_sapi_name() != 'cli')
{
die("This program must be run from the command line.\n");
}
set_time_limit(0);
error_reporting(E_ALL);
define('IN_PHPBB', true);
$phpbb_root_path = '../';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
/**
* Let's download some files we need
*/
download('http://www.unicode.org/Public/UNIDATA/NormalizationTest.txt');
download('http://www.unicode.org/Public/UNIDATA/UnicodeData.txt');
/**
* Those are the tests we run
*/
$test_suite = array(
/**
* NFC
* c2 == NFC(c1) == NFC(c2) == NFC(c3)
* c4 == NFC(c4) == NFC(c5)
*/
'NFC' => array(
'c2' => array('c1', 'c2', 'c3'),
'c4' => array('c4', 'c5')
),
/**
* NFD
* c3 == NFD(c1) == NFD(c2) == NFD(c3)
* c5 == NFD(c4) == NFD(c5)
*/
'NFD' => array(
'c3' => array('c1', 'c2', 'c3'),
'c5' => array('c4', 'c5')
),
/**
* NFKC
* c4 == NFKC(c1) == NFKC(c2) == NFKC(c3) == NFKC(c4) == NFKC(c5)
*/
'NFKC' => array(
'c4' => array('c1', 'c2', 'c3', 'c4', 'c5')
),
/**
* NFKD
* c5 == NFKD(c1) == NFKD(c2) == NFKD(c3) == NFKD(c4) == NFKD(c5)
*/
'NFKD' => array(
'c5' => array('c1', 'c2', 'c3', 'c4', 'c5')
)
);
require_once($phpbb_root_path . 'includes/utf/utf_normalizer.' . $phpEx);
$i = $n = 0;
$failed = FALSE;
$tested_chars = array();
$fp = fopen($phpbb_root_path . 'develop/NormalizationTest.txt', 'rb');
while (!feof($fp))
{
$line = fgets($fp);
++$n;
if ($line[0] == '@')
{
if ($i)
{
echo "done\n";
}
$i = 0;
echo "\n", substr($line, 1), "\n\n";
continue;
}
if (!strpos(' 0123456789ABCDEF', $line[0]))
{
continue;
}
if (++$i % 100 == 0)
{
echo $i, ' ';
}
list($c1, $c2, $c3, $c4, $c5) = explode(';', $line);
if (!strpos($c1, ' '))
{
/**
* We are currently testing a single character, we add it to the list of
* characters we have processed so that we can exclude it when testing
* for invariants
*/
$tested_chars[$c1] = 1;
}
foreach ($test_suite as $form => $serie)
{
foreach ($serie as $expected => $tests)
{
$hex_expected = ${$expected};
$utf_expected = hexseq_to_utf($hex_expected);
foreach ($tests as $test)
{
$utf_result = call_user_func(array('utf_normalizer', $form), $utf_expected);
if (strcmp($utf_expected, $utf_result))
{
$failed = TRUE;
$hex_result = utf_to_hexseq($utf_result);
echo "\nFAILED $expected == $form($test) ($hex_expected != $hex_result)";
}
}
}
if ($failed)
{
die("\n\nFailed at line $n\n");
}
}
}
fclose($fp);
/**
* Test for invariants
*/
echo "\n\nTesting for invariants...\n\n";
$fp = fopen($phpbb_root_path . 'develop/UnicodeData.txt', 'rt');
$n = 0;
while (!feof($fp))
{
if (++$n % 100 == 0)
{
echo $n, ' ';
}
$line = fgets($fp, 1024);
if (!$pos = strpos($line, ';'))
{
continue;
}
$hex_tested = $hex_expected = substr($line, 0, $pos);
if (isset($tested_chars[$hex_tested]))
{
continue;
}
$utf_expected = hex_to_utf($hex_expected);
if ($utf_expected >= UTF8_SURROGATE_FIRST
&& $utf_expected <= UTF8_SURROGATE_LAST)
{
/**
* Surrogates are illegal on their own, we expect the normalizer
* to return a replacement char
*/
$utf_expected = UTF8_REPLACEMENT;
$hex_expected = utf_to_hexseq($utf_expected);
}
foreach (array('nfc', 'nfkc', 'nfd', 'nfkd') as $form)
{
$utf_result = utf_normalizer::$form($utf_expected);
$hex_result = utf_to_hexseq($utf_result);
// echo "$form($utf_expected) == $utf_result\n";
if (strcmp($utf_expected, $utf_result))
{
$failed = 1;
echo "\nFAILED $hex_expected == $form($hex_tested) ($hex_expected != $hex_result)";
}
}
if ($failed)
{
die("\n\nFailed at line $n\n");
}
}
fclose($fp);
die("\n\nALL TESTS PASSED SUCCESSFULLY\n");
/**
* Download a file to the develop/ dir
*
* @param string $url URL of the file to download
* @return void
*/
function download($url)
{
global $phpbb_root_path;
if (file_exists($phpbb_root_path . 'develop/' . basename($url)))
{
return;
}
echo 'Downloading from ', $url, ' ';
if (!$fpr = fopen($url, 'rb'))
{
die("Can't download from $url\nPlease download it yourself and put it in the develop/ dir, kthxbai");
}
if (!$fpw = fopen($phpbb_root_path . 'develop/' . basename($url), 'wb'))
{
die("Can't open develop/" . basename($url) . " for output... please check your permissions or something");
}
$i = 0;
$chunk = 32768;
$done = '';
while (!feof($fpr))
{
$i += fwrite($fpw, fread($fpr, $chunk));
echo str_repeat("\x08", strlen($done));
$done = ($i >> 10) . ' KiB';
echo $done;
}
fclose($fpr);
fclose($fpw);
echo "\n";
}
/**
* Convert a UTF string to a sequence of codepoints in hexadecimal
*
* @param string $utf UTF string
* @return integer Unicode codepoints in hex
*/
function utf_to_hexseq($str)
{
$pos = 0;
$len = strlen($str);
$ret = array();
while ($pos < $len)
{
$c = $str[$pos];
switch ($c & "\xF0")
{
case "\xC0":
case "\xD0":
$utf_char = substr($str, $pos, 2);
$pos += 2;
break;
case "\xE0":
$utf_char = substr($str, $pos, 3);
$pos += 3;
break;
case "\xF0":
$utf_char = substr($str, $pos, 4);
$pos += 4;
break;
default:
$utf_char = $c;
++$pos;
}
$hex = dechex(utf_to_cp($utf_char));
if (!isset($hex[3]))
{
$hex = substr('000' . $hex, -4);
}
$ret[] = $hex;
}
return strtr(implode(' ', $ret), 'abcdef', 'ABCDEF');
}
/**
* Convert a UTF-8 char to its codepoint
*
* @param string $utf_char UTF-8 char
* @return integer Unicode codepoint
*/
function utf_to_cp($utf_char)
{
switch (strlen($utf_char))
{
case 1:
return ord($utf_char);
case 2:
return ((ord($utf_char[0]) & 0x1F) << 6) | (ord($utf_char[1]) & 0x3F);
case 3:
return ((ord($utf_char[0]) & 0x0F) << 12) | ((ord($utf_char[1]) & 0x3F) << 6) | (ord($utf_char[2]) & 0x3F);
case 4:
return ((ord($utf_char[0]) & 0x07) << 18) | ((ord($utf_char[1]) & 0x3F) << 12) | ((ord($utf_char[2]) & 0x3F) << 6) | (ord($utf_char[3]) & 0x3F);
default:
die('UTF-8 chars can only be 1-4 bytes long');
}
}
/**
* Return a UTF string formed from a sequence of codepoints in hexadecimal
*
* @param string $seq Sequence of codepoints, separated with a space
* @return string UTF-8 string
*/
function hexseq_to_utf($seq)
{
return implode('', array_map('hex_to_utf', explode(' ', $seq)));
}
/**
* Convert a codepoint in hexadecimal to a UTF-8 char
*
* @param string $hex Codepoint, in hexadecimal
* @return string UTF-8 char
*/
function hex_to_utf($hex)
{
return cp_to_utf(hexdec($hex));
}
/**
* Convert a codepoint to a UTF-8 char
*
* @param integer $cp Unicode codepoint
* @return string UTF-8 string
*/
function cp_to_utf($cp)
{
if ($cp > 0xFFFF)
{
return chr(0xF0 | ($cp >> 18)) . chr(0x80 | (($cp >> 12) & 0x3F)) . chr(0x80 | (($cp >> 6) & 0x3F)) . chr(0x80 | ($cp & 0x3F));
}
elseif ($cp > 0x7FF)
{
return chr(0xE0 | ($cp >> 12)) . chr(0x80 | (($cp >> 6) & 0x3F)) . chr(0x80 | ($cp & 0x3F));
}
elseif ($cp > 0x7F)
{
return chr(0xC0 | ($cp >> 6)) . chr(0x80 | ($cp & 0x3F));
}
else
{
return chr($cp);
}
}
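Review bot: The conformance loop never feeds the test columns to the normalizer: inside `foreach ($tests as $test)` the call is `call_user_func(array('utf_normalizer', $form), $utf_expected)`, so every iteration only checks that the expected column is stable under the form, and `$test` appears only in the failure message. A normalizer that mishandles c1 or c3 would therefore still reach "ALL TESTS PASSED", which is false assurance for code that other parts of the board may rely on to canonicalise user-supplied text (not visible here). I would normalize the tested column instead, `$utf_result = call_user_func(array('utf_normalizer', $form), hexseq_to_utf(${$test}));`. Neither `fopen()` result is checked before the `feof()`/`fgets()` loops, and `$line[0]` is read even when `fgets()` returns false at end of file.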


@ -14,12 +14,12 @@ phpBB Project Manager : theFinn (James Atkinson)
phpBB Lead Developers : Acyd Burn (Meik Sievertsen)
psoTFX (Paul S. Owen) [2001 - 09/2005]
phpBB Developers : DavidMJ (David M.)
phpBB Developers : Ashe (Ludovic Arnaud) - [10/2002 - 11/2003, 06/2006 - ]
DavidMJ (David M.)
GrahamJE (Graham Eames)
naderman (Nils Aderman)
naderman (Nils Adermann)
subBlue (Tom Beddard)
Ashe (Ludovic Arnaud) - [10/2002 - 11/2003]
BartVB (Bart van Bragt) - [11/2000 - 03/2006]


@ -17,12 +17,10 @@ $phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
$download_id = request_var('id', 0);
// Thumbnails are not handled by this file by default - but for modders this should be interesting. ;)
$thumbnail = request_var('t', false);
// Start session management
$user->session_begin();
// Start session management, do not update session page.
$user->session_begin(false);
$auth->acl($user->data);
$user->setup('viewtopic');
@ -65,6 +63,19 @@ if (!$attachment['in_message'])
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
// Global announcement?
if (!$row)
{
$forum_id = request_var('f', 0);
$sql = 'SELECT forum_id, forum_password, parent_id
FROM ' . FORUMS_TABLE . '
WHERE forum_id = ' . $forum_id;
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
}
if ($auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']))
{
if ($row['forum_password'])
@ -81,7 +92,7 @@ if (!$attachment['in_message'])
else
{
$row['forum_id'] = 0;
if (!$auth->acl_get('u_pm_download') || !$config['auth_download_pm'])
if (!$auth->acl_get('u_pm_download'))
{
trigger_error('SORRY_AUTH_VIEW_ATTACH');
}
@ -116,12 +127,13 @@ if (!$attachment)
$attachment['physical_filename'] = basename($attachment['physical_filename']);
$display_cat = $extensions[$attachment['extension']]['display_cat'];
if ($thumbnail)
{
$attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename'];
}
else
else if ($display_cat == ATTACHMENT_CATEGORY_NONE)
{
// Update download count
$sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
@ -162,51 +174,11 @@ function send_file_to_browser($attachment, $upload_dir, $category)
trigger_error($user->lang['ERROR_NO_ATTACHMENT'] . '<br /><br />' . sprintf($user->lang['FILE_NOT_FOUND_404'], $filename));
}
// Determine the Browser the User is using, because of some nasty incompatibilities.
// borrowed from phpMyAdmin. :)
$user_agent = $user->browser;
if (ereg('Opera(/| )([0-9].[0-9]{1,2})', $user_agent, $log_version))
{
$browser_version = $log_version[2];
$browser_agent = 'opera';
}
else if (ereg('MSIE ([0-9].[0-9]{1,2})', $user_agent, $log_version))
{
$browser_version = $log_version[1];
$browser_agent = 'ie';
}
else if (ereg('OmniWeb/([0-9].[0-9]{1,2})', $user_agent, $log_version))
{
$browser_version = $log_version[1];
$browser_agent = 'omniweb';
}
else if (ereg('(Konqueror/)(.*)(;)', $user_agent, $log_version))
{
$browser_version = $log_version[2];
$browser_agent = 'konqueror';
}
else if (ereg('Mozilla/([0-9].[0-9]{1,2})', $user_agent, $log_version) && ereg('Safari/([0-9]*)', $user_agent, $log_version2))
{
$browser_version = $log_version[1] . '.' . $log_version2[1];
$browser_agent = 'safari';
}
else if (ereg('Mozilla/([0-9].[0-9]{1,2})', $user_agent, $log_version))
{
$browser_version = $log_version[1];
$browser_agent = 'mozilla';
}
else
{
$browser_version = 0;
$browser_agent = 'other';
}
// Correct the mime type - we force application/octetstream for all files, except images
// Please do not change this, it is a security precaution
if ($category == ATTACHMENT_CATEGORY_NONE && strpos($attachment['mimetype'], 'image') === false)
{
$attachment['mimetype'] = ($browser_agent == 'ie' || $browser_agent == 'opera') ? 'application/octetstream' : 'application/octet-stream';
$attachment['mimetype'] = (strpos(strtolower($user->browser), 'msie') !== false || strpos(strtolower($user->browser), 'opera') !== false) ? 'application/octetstream' : 'application/octet-stream';
}
if (@ob_get_length())
@ -214,31 +186,40 @@ function send_file_to_browser($attachment, $upload_dir, $category)
@ob_end_clean();
}
// Now send the File Contents to the Browser
$size = @filesize($filename);
// Might not be ideal to store the contents, but file_get_contents is binary-safe as well as the recommended method
// To correctly display further errors we need to make sure we are using the correct headers for both (unsetting content-length may not work)
$contents = @file_get_contents($filename);
// Check if headers already sent or not able to get the file contents.
if (headers_sent() || $contents === false)
{
unset($contents);
// PHP track_errors setting On?
if (!empty($php_errormsg))
{
trigger_error($user->lang['UNABLE_TO_DELIVER_FILE'] . '<br />' . sprintf($user->lang['TRACKED_PHP_ERROR'], $php_errormsg));
}
trigger_error('UNABLE_TO_DELIVER_FILE');
}
// Now the tricky part... let's dance
header('Pragma: public');
// Send out the Headers
header('Content-Type: ' . $attachment['mimetype'] . '; name="' . $attachment['real_filename'] . '"');
header('Content-type: ' . $attachment['mimetype'] . '; name="' . $attachment['real_filename'] . '"');
header('Content-Disposition: inline; filename="' . $attachment['real_filename'] . '"');
// Now send the File Contents to the Browser
$size = @filesize($filename);
if ($size)
{
header("Content-length: $size");
}
$result = @readfile($filename);
if (!$result)
{
// PHP track_errors setting On?
if (!empty($php_errormsg))
{
trigger_error('Unable to deliver file.<br />Error was: ' . $php_errormsg, E_USER_ERROR);
}
trigger_error('Unable to deliver file.', E_USER_ERROR);
}
echo $contents;
unset($contents);
flush();
exit;
@ -256,7 +237,7 @@ function download_allowed()
return true;
}
$url = (getenv('HTTP_REFERER')) ? trim(getenv('HTTP_REFERER')) : trim($_SERVER['HTTP_REFERER']);
$url = (!empty($_SERVER['HTTP_REFERER'])) ? trim($_SERVER['HTTP_REFERER']) : trim(getenv('HTTP_REFERER'));
if (!$url)
{
@ -264,20 +245,27 @@ function download_allowed()
}
// Split URL into domain and script part
$url = explode('?', str_replace(array('http://', 'https://'), array('', ''), $url));
$hostname = trim($url[0]);
$url = @parse_url($url);
if ($url === false)
{
return ($config['secure_allow_empty_referer']) ? true : false;
}
$hostname = $url['host'];
unset($url);
$allowed = ($config['secure_allow_deny']) ? false : true;
$iplist = array();
$ip_ary = gethostbynamel($hostname);
foreach ($ip_ary as $ip)
if (($ip_ary = @gethostbynamel($hostname)) !== false)
{
if ($ip)
foreach ($ip_ary as $ip)
{
$iplist[] = $ip;
if ($ip)
{
$iplist[] = $ip;
}
}
}
@ -311,7 +299,7 @@ function download_allowed()
{
foreach ($iplist as $ip)
{
if (preg_match('#^' . str_replace('*', '.*?', $site_ip) . '$#i', $ip))
if (preg_match('#^' . str_replace('*', '.*?', preg_quote($site_ip, '#')) . '$#i', $ip))
{
if ($row['ip_exclude'])
{
@ -328,7 +316,7 @@ function download_allowed()
if ($site_hostname)
{
if (preg_match('#^' . str_replace('*', '.*?', $site_hostname) . '$#i', $hostname))
if (preg_match('#^' . str_replace('*', '.*?', preg_quote($site_hostname, '#')) . '$#i', $hostname))
{
if ($row['ip_exclude'])
{
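Review bot: In `download_allowed()`, wrapping the site-list patterns in `preg_quote()` before the wildcard substitution breaks the wildcards: `preg_quote()` turns `*` into `\*`, and `str_replace('*', '.*?', ...)` then yields `\.*?`, which matches only a run of literal dots. A wildcard entry in the secure-downloads list would stop matching, so the allow/deny decision for such entries presumably falls back to the default without any error. Replace the escaped form instead, `str_replace('\*', '.*?', preg_quote($site_ip, '#'))`, and do the same for `$site_hostname`. In the same function `parse_url()` can return an array with no `host` key (for example a Referer without a scheme), so `$url['host']` should be guarded with `empty($url['host'])` and handled like the unparsable case. The function body continues outside these hunks.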


@ -19,6 +19,7 @@ class acm
var $is_modified = false;
var $sql_rowset = array();
var $sql_row_pointer = array();
/**
* Set cache path
@ -56,6 +57,7 @@ class acm
unset($this->vars);
unset($this->var_expires);
unset($this->sql_rowset);
unset($this->sql_row_pointer);
}
/**
@ -69,7 +71,7 @@ class acm
}
global $phpEx;
$file = '<?php $this->vars=' . $this->format_array($this->vars) . ";\n\$this->var_expires=" . $this->format_array($this->var_expires) . ' ?>';
$file = "<?php\n\$this->vars = " . $this->format_array($this->vars) . ";\n\n\$this->var_expires = " . $this->format_array($this->var_expires) . "\n?>";
if ($fp = @fopen($this->cache_dir . 'data_global.' . $phpEx, 'wb'))
{
@ -255,26 +257,28 @@ class acm
/**
* Format an array to be stored on filesystem
*/
function format_array($array)
function format_array($array, $tab = '')
{
$tab .= "\t";
$lines = array();
foreach ($array as $k => $v)
{
if (is_array($v))
{
$lines[] = "\n'$k' => " . $this->format_array($v);
$lines[] = "\n{$tab}'$k' => " . $this->format_array($v, $tab);
}
else if (is_int($v))
{
$lines[] = "\n'$k' => $v";
$lines[] = "\n{$tab}'$k' => $v";
}
else if (is_bool($v))
{
$lines[] = "\n'$k' => " . (($v) ? 'true' : 'false');
$lines[] = "\n{$tab}'$k' => " . (($v) ? 'true' : 'false');
}
else
{
$lines[] = "\n'$k' => '" . str_replace("'", "\\'", str_replace('\\', '\\\\', $v)) . "'";
$lines[] = "\n{$tab}'$k' => '" . str_replace("'", "\\'", str_replace('\\', '\\\\', $v)) . "'";
}
}
@ -309,6 +313,8 @@ class acm
return false;
}
$this->sql_row_pointer[$query_id] = 0;
return $query_id;
}
@ -329,6 +335,7 @@ class acm
$lines = array();
$query_id = sizeof($this->sql_rowset);
$this->sql_rowset[$query_id] = array();
$this->sql_row_pointer[$query_id] = 0;
while ($row = $db->sql_fetchrow($query_result))
{
@ -359,7 +366,63 @@ class acm
*/
function sql_fetchrow($query_id)
{
return array_shift($this->sql_rowset[$query_id]);
if ($this->sql_row_pointer[$query_id] < sizeof($this->sql_rowset[$query_id]))
{
return $this->sql_rowset[$query_id][$this->sql_row_pointer[$query_id]++];
}
return false;
}
/**
* Fetch the number of rows from cache (database)
*/
function sql_numrows($query_id)
{
return sizeof($this->sql_rowset[$query_id]);
}
/**
* Fetch a field from the current row of a cached database result (database)
*/
function sql_fetchfield($query_id, $field)
{
if ($this->sql_row_pointer[$query_id] < sizeof($this->sql_rowset[$query_id]))
{
return (isset($this->sql_rowset[$query_id][$this->sql_row_pointer[$query_id]][$field])) ? $this->sql_rowset[$query_id][$this->sql_row_pointer[$query_id]][$field] : false;
}
return false;
}
/**
* Seek a specific row in an a cached database result (database)
*/
function sql_rowseek($query_id, $rownum)
{
if ($rownum >= sizeof($this->sql_rowset[$query_id]))
{
return false;
}
$this->sql_row_pointer[$query_id] = $rownum;
return true;
}
/**
* Free memory used for a cached database result (database)
*/
function sql_freeresult($query_id)
{
if (!isset($this->sql_rowset[$query_id]))
{
return false;
}
unset($this->sql_rowset[$query_id]);
unset($this->sql_row_pointer[$query_id]);
return true;
}
}
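Review bot: `format_array()` still writes array keys into the generated cache file unescaped: every rewritten line interpolates `'$k'` directly, while only the values go through the backslash/quote replacement. The result is written into a `<?php … ?>` file, so a key containing `'` or `\` would corrupt that file or change what it evaluates to; whether any caller can supply such a key is not visible in this hunk, so treat this as hardening. Escaping the key once at the top of the loop, `$k = str_replace("'", "\\'", str_replace('\\', '\\\\', $k));`, keeps keys and values consistent. The new `sql_fetchrow()`, `sql_numrows()`, `sql_fetchfield()` and `sql_rowseek()` also index `$this->sql_rowset[$query_id]` without the `isset()` check that `sql_freeresult()` has, and `sql_rowseek()` accepts a negative `$rownum`.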


@ -78,7 +78,7 @@ class acp_attachments
}
$db->sql_freeresult($result);
$l_legend_cat_images = $user->lang['SETTINGS_CAT_IMAGES'] . ' [' . $user->lang['ASSIGNED_GROUP'] . ': ' . ((sizeof($s_assigned_groups[ATTACHMENT_CATEGORY_IMAGE])) ? implode(', ', $s_assigned_groups[ATTACHMENT_CATEGORY_IMAGE]) : $user->lang['NONE']) . ']';
$l_legend_cat_images = $user->lang['SETTINGS_CAT_IMAGES'] . ' [' . $user->lang['ASSIGNED_GROUP'] . ': ' . ((sizeof($s_assigned_groups[ATTACHMENT_CATEGORY_IMAGE])) ? implode(', ', $s_assigned_groups[ATTACHMENT_CATEGORY_IMAGE]) : $user->lang['NO_EXT_GROUP']) . ']';
$display_vars = array(
'title' => 'ACP_ATTACHMENT_SETTINGS',
@ -97,7 +97,7 @@ class acp_attachments
'max_attachments_pm' => array('lang' => 'MAX_ATTACHMENTS_PM', 'type' => 'text:3:3', 'explain' => false),
'secure_downloads' => array('lang' => 'SECURE_DOWNLOADS', 'type' => 'radio:yes_no', 'explain' => true),
'secure_allow_deny' => array('lang' => 'SECURE_ALLOW_DENY', 'type' => 'custom', 'method' => 'select_allow_deny', 'explain' => true),
'secure_allow_empty_referer' => array('lang' => 'SECURE_EMPTY_REFERER', 'type' => 'radio:yes_no', 'explain' => true),
'secure_allow_empty_referer' => array('lang' => 'SECURE_EMPTY_REFERRER', 'type' => 'radio:yes_no', 'explain' => true),
'legend2' => $l_legend_cat_images,
'img_display_inlined' => array('lang' => 'DISPLAY_INLINED', 'type' => 'radio:yes_no', 'explain' => true),
@ -294,7 +294,7 @@ class acp_attachments
{
$sql = 'SELECT extension
FROM ' . EXTENSIONS_TABLE . '
WHERE extension_id IN (' . implode(', ', $extension_id_list) . ')';
WHERE ' . $db->sql_in_set('extension_id', $extension_id_list);
$result = $db->sql_query($sql);
$extension_list = '';
@ -306,7 +306,7 @@ class acp_attachments
$sql = 'DELETE
FROM ' . EXTENSIONS_TABLE . '
WHERE extension_id IN (' . implode(', ', $extension_id_list) . ')';
WHERE ' . $db->sql_in_set('extension_id', $extension_id_list);
$db->sql_query($sql);
add_log('admin', 'LOG_ATTACH_EXT_DEL', $extension_list);
@ -508,7 +508,7 @@ class acp_attachments
{
$sql = 'UPDATE ' . EXTENSIONS_TABLE . "
SET group_id = $group_id
WHERE extension_id IN (" . implode(', ', $extension_list) . ")";
WHERE " . $db->sql_in_set('extension_id', $extension_list);
$db->sql_query($sql);
}
@ -521,7 +521,7 @@ class acp_attachments
}
$cat_lang = array(
ATTACHMENT_CATEGORY_NONE => $user->lang['NONE'],
ATTACHMENT_CATEGORY_NONE => $user->lang['NO_FILE_CAT'],
ATTACHMENT_CATEGORY_IMAGE => $user->lang['CAT_IMAGES'],
ATTACHMENT_CATEGORY_WM => $user->lang['CAT_WM_FILES'],
ATTACHMENT_CATEGORY_RM => $user->lang['CAT_RM_FILES']
@ -631,25 +631,30 @@ class acp_attachments
$img_path = $config['upload_icons_path'];
$imglist = filelist($phpbb_root_path . $img_path);
$imglist = array_values($imglist);
$imglist = $imglist[0];
$filename_list = '';
$no_image_select = false;
foreach ($imglist as $key => $img)
{
if (!$ext_group_row['upload_icon'])
{
$no_image_select = true;
$selected = '';
}
else
{
$selected = ($ext_group_row['upload_icon'] == $img) ? ' selected="selected"' : '';
}
$filename_list .= '<option value="' . htmlspecialchars($img) . '"' . $selected . '>' . htmlspecialchars($img) . '</option>';
$imglist = filelist($phpbb_root_path . $img_path);
if (sizeof($imglist))
{
$imglist = array_values($imglist);
$imglist = $imglist[0];
foreach ($imglist as $key => $img)
{
if (!$ext_group_row['upload_icon'])
{
$no_image_select = true;
$selected = '';
}
else
{
$selected = ($ext_group_row['upload_icon'] == $img) ? ' selected="selected"' : '';
}
$filename_list .= '<option value="' . htmlspecialchars($img) . '"' . $selected . '>' . htmlspecialchars($img) . '</option>';
}
}
$i = 0;
@ -701,7 +706,7 @@ class acp_attachments
$sql = 'SELECT forum_id, forum_name, parent_id, forum_type, left_id, right_id
FROM ' . FORUMS_TABLE . '
ORDER BY left_id ASC';
$result = $db->sql_query($sql);
$result = $db->sql_query($sql, 600);
$right = $cat_right = $padding_inc = 0;
$padding = $forum_list = $holding = '';
@ -860,7 +865,7 @@ class acp_attachments
$sql = 'SELECT forum_id, topic_id, post_id
FROM ' . POSTS_TABLE . '
WHERE post_id IN (' . implode(', ', array_keys($upload_list)) . ')';
WHERE ' . $db->sql_in_set('post_id', array_keys($upload_list));
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -954,7 +959,7 @@ class acp_attachments
global $db, $user;
$types = array(
ATTACHMENT_CATEGORY_NONE => $user->lang['NONE'],
ATTACHMENT_CATEGORY_NONE => $user->lang['NO_FILE_CAT'],
ATTACHMENT_CATEGORY_IMAGE => $user->lang['CAT_IMAGES'],
ATTACHMENT_CATEGORY_WM => $user->lang['CAT_WM_FILES'],
ATTACHMENT_CATEGORY_RM => $user->lang['CAT_RM_FILES']
@ -1097,7 +1102,7 @@ class acp_attachments
'in_message' => 0,
'physical_filename' => $filedata['physical_filename'],
'real_filename' => $filedata['real_filename'],
'comment' => $message_parser->filename_data['filecomment'],
'attach_comment' => $message_parser->filename_data['filecomment'],
'extension' => $filedata['extension'],
'mimetype' => $filedata['mimetype'],
'filesize' => $filedata['filesize'],
@ -1145,7 +1150,7 @@ class acp_attachments
{
$imagick = '';
$exe = ((defined('PHP_OS')) && (preg_match('#win#i', PHP_OS))) ? '.exe' : '';
$exe = ((defined('PHP_OS')) && (preg_match('#^win#i', PHP_OS))) ? '.exe' : '';
$magic_home = getenv('MAGICK_HOME');
@ -1368,16 +1373,16 @@ class acp_attachments
}
else if (isset($_POST['unsecuresubmit']))
{
$unip_sql = implode(', ', array_map('intval', $_POST['unip']));
$unip_sql = array_map('intval', $_POST['unip']);
if ($unip_sql != '')
if (sizeof($unip_sql))
{
$l_unip_list = '';
// Grab details of ips for logging information later
$sql = 'SELECT site_ip, site_hostname
FROM ' . SITELIST_TABLE . "
WHERE site_id IN ($unip_sql)";
FROM ' . SITELIST_TABLE . '
WHERE ' . $db->sql_in_set('site_id', $unip_sql);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -1386,8 +1391,8 @@ class acp_attachments
}
$db->sql_freeresult($result);
$sql = 'DELETE FROM ' . SITELIST_TABLE . "
WHERE site_id IN ($unip_sql)";
$sql = 'DELETE FROM ' . SITELIST_TABLE . '
WHERE ' . $db->sql_in_set('site_id', $unip_sql);
$db->sql_query($sql);
add_log('admin', 'LOG_DOWNLOAD_REMOVE_IP', $l_unip_list);
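Review bot: The `unsecuresubmit` branch passes `$_POST['unip']` straight to `array_map('intval', ...)`, so a request where the field is missing or is not an array (for example the form submitted with no entry selected) makes `array_map()` fail and `sizeof()` run on a non-array. Reading it through the request helper with an array default, `$unip_sql = request_var('unip', array(0));`, or guarding with `isset($_POST['unip']) && is_array($_POST['unip'])`, keeps the integer cast and lets the empty case fall through cleanly. The enclosing method starts and ends outside this hunk.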


@ -33,12 +33,12 @@ class acp_bbcodes
switch ($action)
{
case 'add':
$bbcode_match = $bbcode_tpl = '';
$bbcode_match = $bbcode_tpl = $bbcode_helpline = '';
$display_on_posting = 0;
break;
case 'edit':
$sql = 'SELECT bbcode_match, bbcode_tpl, display_on_posting
$sql = 'SELECT bbcode_match, bbcode_tpl, display_on_posting, bbcode_helpline
FROM ' . BBCODES_TABLE . '
WHERE bbcode_id = ' . $bbcode_id;
$result = $db->sql_query($sql);
@ -53,6 +53,7 @@ class acp_bbcodes
$bbcode_match = $row['bbcode_match'];
$bbcode_tpl = htmlspecialchars($row['bbcode_tpl']);
$display_on_posting = $row['display_on_posting'];
$bbcode_helpline = html_entity_decode($row['bbcode_helpline']);
break;
case 'modify':
@ -75,6 +76,7 @@ class acp_bbcodes
$bbcode_match = request_var('bbcode_match', '');
$bbcode_tpl = html_entity_decode(request_var('bbcode_tpl', ''));
$bbcode_helpline = htmlspecialchars(request_var('bbcode_helpline', ''));
break;
}
@ -89,8 +91,10 @@ class acp_bbcodes
'U_BACK' => $this->u_action,
'U_ACTION' => $this->u_action . '&amp;action=' . (($action == 'add') ? 'create' : 'modify') . (($bbcode_id) ? "&amp;bbcode=$bbcode_id" : ''),
'L_BBCODE_USAGE_EXPLAIN'=> sprintf($user->lang['BBCODE_USAGE_EXPLAIN'], '<a href="#down">', '</a>'),
'BBCODE_MATCH' => $bbcode_match,
'BBCODE_TPL' => $bbcode_tpl,
'BBCODE_HELPLINE' => $bbcode_helpline,
'DISPLAY_ON_POSTING' => $display_on_posting)
);
@ -134,6 +138,7 @@ class acp_bbcodes
'bbcode_match' => $bbcode_match,
'bbcode_tpl' => $bbcode_tpl,
'display_on_posting' => $display_on_posting,
'bbcode_helpline' => $bbcode_helpline,
'first_pass_match' => $data['first_pass_match'],
'first_pass_replace' => $data['first_pass_replace'],
'second_pass_match' => $data['second_pass_match'],
@ -163,7 +168,7 @@ class acp_bbcodes
$bbcode_id = NUM_CORE_BBCODES + 1;
}
if ($bbcode_id > 31)
if ($bbcode_id > 1511)
{
trigger_error('TOO_MANY_BBCODES');
}
@ -278,8 +283,8 @@ class acp_bbcodes
{
$token_type = $m[1][$n];
reset($tokens[$token_type]);
list($match, $replace) = each($tokens[$token_type]);
reset($tokens[strtoupper($token_type)]);
list($match, $replace) = each($tokens[strtoupper($token_type)]);
// Pad backreference numbers from tokens
if (preg_match_all('/(?<!\\\\)\$([0-9]+)/', $replace, $repad))
@ -337,7 +342,7 @@ class acp_bbcodes
}
// Lowercase tags
$bbcode_tag = preg_replace('/.*?\[([a-z]+=?).*/i', '$1', $bbcode_match);
$bbcode_tag = preg_replace('/.*?\[([a-z0-9_-]+=?).*/i', '$1', $bbcode_match);
$fp_match = preg_replace('#\[/?' . $bbcode_tag . '#ie', "strtolower('\$0')", $fp_match);
$fp_replace = preg_replace('#\[/?' . $bbcode_tag . '#ie', "strtolower('\$0')", $fp_replace);
$sp_match = preg_replace('#\[/?' . $bbcode_tag . '#ie', "strtolower('\$0')", $sp_match);
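Review bot: The `edit` case decodes the stored helpline with `html_entity_decode($row['bbcode_helpline'])` and assigns it to `BBCODE_HELPLINE`, which the ACP template prints inside `value="{BBCODE_HELPLINE}"`; a helpline containing a double quote or `<` is then emitted unescaped into the attribute. The line just above does the opposite for the template text (`htmlspecialchars($row['bbcode_tpl'])`), and the request path stores the helpline already escaped via `htmlspecialchars(request_var('bbcode_helpline', ''))`. Passing the stored value through unchanged, `$bbcode_helpline = $row['bbcode_helpline'];`, keeps it escaped for the form. If `request_var()` already escapes strings (not visible here), the extra `htmlspecialchars()` on save double-encodes and should be dropped as well.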


@ -40,9 +40,9 @@ class acp_board
'board_disable_msg' => false,
'default_lang' => array('lang' => 'DEFAULT_LANGUAGE', 'type' => 'select', 'function' => 'language_select', 'params' => array('{CONFIG_VALUE}'), 'explain' => false),
'default_dateformat' => array('lang' => 'DEFAULT_DATE_FORMAT', 'type' => 'custom', 'method' => 'dateformat_select', 'explain' => true),
'board_timezone' => array('lang' => 'SYSTEM_TIMEZONE', 'type' => 'select', 'function' => 'tz_select', 'params' => array('{CONFIG_VALUE}'), 'explain' => false),
'board_timezone' => array('lang' => 'SYSTEM_TIMEZONE', 'type' => 'select', 'function' => 'tz_select', 'params' => array('{CONFIG_VALUE}', 1), 'explain' => false),
'board_dst' => array('lang' => 'SYSTEM_DST', 'type' => 'radio:yes_no', 'explain' => false),
'default_style' => array('lang' => 'DEFAULT_STYLE', 'type' => 'select', 'function' => 'style_select', 'params' => array('{CONFIG_VALUE}', true), 'explain' => false),
'default_style' => array('lang' => 'DEFAULT_STYLE', 'type' => 'select', 'function' => 'style_select', 'params' => array('{CONFIG_VALUE}', 1), 'explain' => false),
'override_user_style' => array('lang' => 'OVERRIDE_STYLE', 'type' => 'radio:yes_no', 'explain' => true),
'legend2' => 'WARNINGS',
@ -71,6 +71,14 @@ class acp_board
'allow_sig_smilies' => array('lang' => 'ALLOW_SIG_SMILIES', 'type' => 'radio:yes_no', 'explain' => false),
'allow_nocensors' => array('lang' => 'ALLOW_NO_CENSORS', 'type' => 'radio:yes_no', 'explain' => true),
'allow_bookmarks' => array('lang' => 'ALLOW_BOOKMARKS', 'type' => 'radio:yes_no', 'explain' => true),
'legend2' => 'ACP_LOAD_SETTINGS',
'load_birthdays' => array('lang' => 'YES_BIRTHDAYS', 'type' => 'radio:yes_no', 'explain' => false),
'load_moderators' => array('lang' => 'YES_MODERATORS', 'type' => 'radio:yes_no', 'explain' => false),
'load_jumpbox' => array('lang' => 'YES_JUMPBOX', 'type' => 'radio:yes_no', 'explain' => false),
'load_cpf_memberlist' => array('lang' => 'LOAD_CPF_MEMBERLIST', 'type' => 'radio:yes_no', 'explain' => false),
'load_cpf_viewprofile' => array('lang' => 'LOAD_CPF_VIEWPROFILE', 'type' => 'radio:yes_no', 'explain' => false),
'load_cpf_viewtopic' => array('lang' => 'LOAD_CPF_VIEWTOPIC', 'type' => 'radio:yes_no', 'explain' => false),
)
);
break;
@ -104,14 +112,13 @@ class acp_board
'pm_max_boxes' => array('lang' => 'BOXES_MAX', 'type' => 'text:4:4', 'explain' => true),
'pm_max_msgs' => array('lang' => 'BOXES_LIMIT', 'type' => 'text:4:4', 'explain' => true),
'full_folder_action' => array('lang' => 'FULL_FOLDER_ACTION', 'type' => 'select', 'method' => 'full_folder_select', 'explain' => true),
'pm_edit_time' => array('lang' => 'PM_EDIT_TIME', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
'pm_edit_time' => array('lang' => 'PM_EDIT_TIME', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
'legend2' => 'GENERAL_OPTIONS',
'allow_mass_pm' => array('lang' => 'ALLOW_MASS_PM', 'type' => 'radio:yes_no', 'explain' => false),
'auth_bbcode_pm' => array('lang' => 'ALLOW_BBCODE_PM', 'type' => 'radio:yes_no', 'explain' => false),
'auth_smilies_pm' => array('lang' => 'ALLOW_SMILIES_PM', 'type' => 'radio:yes_no', 'explain' => false),
'allow_pm_attach' => array('lang' => 'ALLOW_PM_ATTACHMENTS', 'type' => 'radio:yes_no', 'explain' => false),
'auth_download_pm' => array('lang' => 'ALLOW_DOWNLOAD_PM', 'type' => 'radio:yes_no', 'explain' => false),
'allow_sig_pm' => array('lang' => 'ALLOW_SIG_PM', 'type' => 'radio:yes_no', 'explain' => false),
'print_pm' => array('lang' => 'ALLOW_PRINT_PM', 'type' => 'radio:yes_no', 'explain' => false),
'forward_pm' => array('lang' => 'ALLOW_FORWARD_PM', 'type' => 'radio:yes_no', 'explain' => false),
@ -137,7 +144,7 @@ class acp_board
'legend2' => 'POSTING',
'bump_type' => false,
'edit_time' => array('lang' => 'EDIT_TIME', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
'edit_time' => array('lang' => 'EDIT_TIME', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
'display_last_edited' => array('lang' => 'DISPLAY_LAST_EDITED', 'type' => 'radio:yes_no', 'explain' => true),
'flood_interval' => array('lang' => 'FLOOD_INTERVAL', 'type' => 'text:3:4', 'explain' => true),
'bump_interval' => array('lang' => 'BUMP_INTERVAL', 'type' => 'custom', 'method' => 'bump_interval', 'explain' => true),
@ -204,33 +211,6 @@ class acp_board
'coppa_enable' => array('lang' => 'ENABLE_COPPA', 'type' => 'radio:yes_no', 'explain' => true),
'coppa_mail' => array('lang' => 'COPPA_MAIL', 'type' => 'textarea:5:40', 'explain' => true),
'coppa_fax' => array('lang' => 'COPPA_FAX', 'type' => 'text:25:100', 'explain' => false),
'coppa_hide_groups' => array('lang' => 'COPPA_HIDE_GROUPS', 'type' => 'radio:yes_no', 'explain' => true),
)
);
break;
case 'visual':
$display_vars = array(
'title' => 'ACP_VC_SETTINGS',
'vars' => array(
'legend1' => 'GENERAL_OPTIONS',
'enable_confirm' => array('lang' => 'VISUAL_CONFIRM_REG', 'type' => 'radio:yes_no', 'explain' => true),
'enable_post_confirm' => array('lang' => 'VISUAL_CONFIRM_POST', 'type' => 'radio:yes_no', 'explain' => true),
'legend2' => 'CAPTCHA_OPTIONS',
'policy_overlap' => array('lang' => 'CAPTCHA_OVERLAP', 'type' => 'radio:yes_no', 'explain' => false),
'policy_overlap_noise_pixel' => array('lang' => 'OVERLAP_NOISE_PIXEL', 'type' => 'select', 'method' => 'captcha_pixel_noise_select', 'explain' => false),
'policy_overlap_noise_line' => array('lang' => 'OVERLAP_NOISE_LINE', 'type' => 'radio:yes_no', 'explain' => false),
'policy_entropy' => array('lang' => 'CAPTCHA_ENTROPY', 'type' => 'radio:yes_no', 'explain' => false),
'policy_entropy_noise_pixel' => array('lang' => 'ENTROPY_NOISE_PIXEL', 'type' => 'select', 'method' => 'captcha_pixel_noise_select', 'explain' => false),
'policy_entropy_noise_line' => array('lang' => 'ENTROPY_NOISE_LINE', 'type' => 'radio:yes_no', 'explain' => false),
'policy_shape' => array('lang' => 'CAPTCHA_SHAPE', 'type' => 'radio:yes_no', 'explain' => false),
'policy_shape_noise_pixel' => array('lang' => 'SHAPE_NOISE_PIXEL', 'type' => 'select', 'method' => 'captcha_pixel_noise_select', 'explain' => false),
'policy_shape_noise_line' => array('lang' => 'SHAPE_NOISE_LINE', 'type' => 'radio:yes_no', 'explain' => false),
'policy_3dbitmap' => array('lang' => 'CAPTCHA_3DBITMAP', 'type' => 'radio:yes_no', 'explain' => false),
'policy_cells' => array('lang' => 'CAPTCHA_CELLS', 'type' => 'radio:yes_no', 'explain' => false),
'policy_stencil' => array('lang' => 'CAPTCHA_STENCIL', 'type' => 'radio:yes_no', 'explain' => false),
'policy_composite' => array('lang' => 'CAPTCHA_COMPOSITE', 'type' => 'radio:yes_no', 'explain' => false),
)
);
break;
@ -259,16 +239,17 @@ class acp_board
'load_online_time' => array('lang' => 'ONLINE_LENGTH', 'type' => 'text:4:3', 'explain' => true),
'legend2' => 'GENERAL_OPTIONS',
'load_db_track' => array('lang' => 'YES_POST_MARKING', 'type' => 'radio:yes_no', 'explain' => true),
'load_db_lastread' => array('lang' => 'YES_READ_MARKING', 'type' => 'radio:yes_no', 'explain' => true),
'load_online' => array('lang' => 'YES_ONLINE', 'type' => 'radio:yes_no', 'explain' => true),
'load_online_guests' => array('lang' => 'YES_ONLINE_GUESTS', 'type' => 'radio:yes_no', 'explain' => true),
'load_onlinetrack' => array('lang' => 'YES_ONLINE_TRACK', 'type' => 'radio:yes_no', 'explain' => true),
'load_birthdays' => array('lang' => 'YES_BIRTHDAYS', 'type' => 'radio:yes_no', 'explain' => false),
'load_moderators' => array('lang' => 'YES_MODERATORS', 'type' => 'radio:yes_no', 'explain' => false),
'load_jumpbox' => array('lang' => 'YES_JUMPBOX', 'type' => 'radio:yes_no', 'explain' => false),
'load_user_activity' => array('lang' => 'LOAD_USER_ACTIVITY','type' => 'radio:yes_no', 'explain' => true),
'load_tplcompile' => array('lang' => 'RECOMPILE_TEMPLATES', 'type' => 'radio:yes_no', 'explain' => true),
'load_db_track' => array('lang' => 'YES_POST_MARKING', 'type' => 'radio:yes_no', 'explain' => true),
'load_db_lastread' => array('lang' => 'YES_READ_MARKING', 'type' => 'radio:yes_no', 'explain' => true),
'load_anon_lastread' => array('lang' => 'YES_ANON_READ_MARKING', 'type' => 'radio:yes_no', 'explain' => true),
'load_online' => array('lang' => 'YES_ONLINE', 'type' => 'radio:yes_no', 'explain' => true),
'load_online_guests' => array('lang' => 'YES_ONLINE_GUESTS', 'type' => 'radio:yes_no', 'explain' => true),
'load_onlinetrack' => array('lang' => 'YES_ONLINE_TRACK', 'type' => 'radio:yes_no', 'explain' => true),
'load_birthdays' => array('lang' => 'YES_BIRTHDAYS', 'type' => 'radio:yes_no', 'explain' => false),
'load_moderators' => array('lang' => 'YES_MODERATORS', 'type' => 'radio:yes_no', 'explain' => false),
'load_jumpbox' => array('lang' => 'YES_JUMPBOX', 'type' => 'radio:yes_no', 'explain' => false),
'load_user_activity' => array('lang' => 'LOAD_USER_ACTIVITY', 'type' => 'radio:yes_no', 'explain' => true),
'load_tplcompile' => array('lang' => 'RECOMPILE_TEMPLATES', 'type' => 'radio:yes_no', 'explain' => true),
'legend3' => 'CUSTOM_PROFILE_FIELDS',
'load_cpf_memberlist' => array('lang' => 'LOAD_CPF_MEMBERLIST', 'type' => 'radio:yes_no', 'explain' => false),
@ -316,14 +297,14 @@ class acp_board
'title' => 'ACP_SECURITY_SETTINGS',
'vars' => array(
'legend1' => 'ACP_SECURITY_SETTINGS',
'allow_autologin' => array('lang' => 'ALLOW_AUTOLOGIN', 'type' => 'radio:yes_no', 'explain' => true),
'max_autologin_time' => array('lang' => 'AUTOLOGIN_LENGTH', 'type' => 'text:5:5', 'explain' => true),
'ip_check' => array('lang' => 'IP_VALID', 'type' => 'custom', 'method' => 'select_ip_check', 'explain' => true),
'browser_check' => array('lang' => 'BROWSER_VALID', 'type' => 'radio:yes_no', 'explain' => true),
'pass_complex' => array('lang' => 'PASSWORD_TYPE', 'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
'chg_passforce' => array('lang' => 'FORCE_PASS_CHANGE', 'type' => 'text:3:3', 'explain' => true),
'max_login_attempts' => array('lang' => 'MAX_LOGIN_ATTEMPTS','type' => 'text:3:3', 'explain' => true),
'tpl_allow_php' => array('lang' => 'TPL_ALLOW_PHP', 'type' => 'radio:yes_no', 'explain' => true),
'allow_autologin' => array('lang' => 'ALLOW_AUTOLOGIN', 'type' => 'radio:yes_no', 'explain' => true),
'max_autologin_time' => array('lang' => 'AUTOLOGIN_LENGTH', 'type' => 'text:5:5', 'explain' => true),
'ip_check' => array('lang' => 'IP_VALID', 'type' => 'custom', 'method' => 'select_ip_check', 'explain' => true),
'browser_check' => array('lang' => 'BROWSER_VALID', 'type' => 'radio:yes_no', 'explain' => true),
'pass_complex' => array('lang' => 'PASSWORD_TYPE', 'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
'chg_passforce' => array('lang' => 'FORCE_PASS_CHANGE', 'type' => 'text:3:3', 'explain' => true),
'max_login_attempts' => array('lang' => 'MAX_LOGIN_ATTEMPTS', 'type' => 'text:3:3', 'explain' => true),
'tpl_allow_php' => array('lang' => 'TPL_ALLOW_PHP', 'type' => 'radio:yes_no', 'explain' => true),
)
);
break;
@ -363,7 +344,7 @@ class acp_board
}
$this->new_config = $config;
$cfg_array = (isset($_REQUEST['config'])) ? request_var('config', array('' => '')) : $this->new_config;
$cfg_array = (isset($_REQUEST['config'])) ? request_var('config', array('' => ''), true) : $this->new_config;
// We go through the display_vars to make sure no one is trying to set variables he/she is not allowed to...
foreach ($display_vars['vars'] as $config_name => $null)
@ -417,7 +398,7 @@ class acp_board
{
include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
$method = 'admin_' . $method;
$method = 'acp_' . $method;
if (function_exists($method))
{
if ($fields = $method($this->new_config))
@ -545,7 +526,7 @@ class acp_board
{
if ($method && file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
{
$method = 'admin_' . $method;
$method = 'acp_' . $method;
if (function_exists($method))
{
$fields = $method($this->new_config);
@ -621,22 +602,12 @@ class acp_board
return '<option value="1"' . (($value == 1) ? ' selected="selected"' : '') . '>' . $user->lang['DELETE_OLDEST_MESSAGES'] . '</option><option value="2"' . (($value == 2) ? ' selected="selected"' : '') . '>' . $user->lang['HOLD_NEW_MESSAGES_SHORT'] . '</option>';
}
/**
* Select captcha pixel noise
*/
function captcha_pixel_noise_select($value, $key = '')
{
global $user;
return '<option value="0"' . (($value == 0) ? ' selected="selected"' : '') . '>' . $user->lang['NONE'] . '</option><option value="1"' . (($value == 1) ? ' selected="selected"' : '') . '>' . $user->lang['LIGHT'] . '</option><option value="2"' . (($value == 2) ? ' selected="selected"' : '') . '>' . $user->lang['MEDIUM'] . '</option><option value="3"' . (($value == 3) ? ' selected="selected"' : '') . '>' . $user->lang['HEAVY'] . '</option>';
}
/**
* Select ip validation
*/
function select_ip_check($value, $key = '')
{
$radio_ary = array(4 => 'ALL', 3 => 'CLASS_C', 2 => 'CLASS_B', 0 => 'NONE');
$radio_ary = array(4 => 'ALL', 3 => 'CLASS_C', 2 => 'CLASS_B', 0 => 'NO_IP_VALIDATION');
return h_radio('config[ip_check]', $radio_ary, $value, $key);
}


@ -96,7 +96,7 @@ class acp_bots
foreach ($_tables as $table)
{
$sql = "DELETE FROM $table
WHERE user_id IN (" . implode(', ', $user_id_ary) . ')';
WHERE " . $db->sql_in_set('user_id', $user_id_ary);
$db->sql_query($sql);
}


@ -0,0 +1,113 @@
<?php
/**
*
* @package acp
* @version $Id$
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*/
/**
* @package acp
*/
class acp_captcha
{
var $u_action;
function main($id, $mode)
{
global $db, $user, $auth, $template;
global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
$user->add_lang('acp/board');
$config_vars = array('enable_confirm' => 'REG_ENABLE',
'enable_post_confirm' => 'POST_ENABLE',
'policy_overlap' => 'OVERLAP_ENABLE',
'policy_overlap_noise_pixel' => 'OVERLAP_NOISE_PIXEL',
'policy_overlap_noise_line' => 'OVERLAP_NOISE_LINE_ENABLE',
'policy_entropy' => 'ENTROPY_ENABLE',
'policy_entropy_noise_pixel' => 'ENTROPY_NOISE_PIXEL',
'policy_entropy_noise_line' => 'ENTROPY_NOISE_LINE_ENABLE',
'policy_shape' => 'SHAPE_ENABLE',
'policy_shape_noise_pixel' => 'SHAPE_NOISE_PIXEL',
'policy_shape_noise_line' => 'SHAPE_NOISE_LINE_ENABLE',
'policy_3dbitmap' => 'THREEDBITMAP_ENABLE',
'policy_cells' => 'CELLS_ENABLE',
'policy_stencil' => 'STENCIL_ENABLE',
'policy_composite' => 'COMPOSITE_ENABLE'
);
$policy_modules = array('policy_entropy', 'policy_3dbitmap', 'policy_overlap', 'policy_shape', 'policy_cells', 'policy_stencil', 'policy_composite');
switch ($mode)
{
case 'visual':
$this->tpl_name = 'acp_captcha';
$this->page_title = 'ACP_VC_SETTINGS';
$submit = request_var('submit', '');
if ($submit)
{
$config_vars = array_keys($config_vars);
foreach ($config_vars as $config_var)
{
set_config($config_var, request_var($config_var, ''));
}
trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
}
else
{
$array = array();
foreach ($config_vars as $config_var => $template_var)
{
$array[$template_var] = $config[$config_var];
}
$template->assign_vars($array);
if (@extension_loaded('gd'))
{
$template->assign_var('GD', true);
foreach ($policy_modules as $module_name)
{
$template->assign_var('U_' . strtoupper($module_name), sprintf($user->lang['CAPTCHA_EXPLAIN'], '<a href="' . append_sid("{$phpbb_root_path}adm/index.$phpEx", 'i=captcha&amp;mode=img&amp;policy=' . $module_name) . '" target="_blank">', '</a>'));
}
if (function_exists('imagettfbbox') && function_exists('imagettftext'))
{
$template->assign_var('TTF', true);
}
}
}
break;
case 'img':
$policy = request_var('policy', '');
if (!@extension_loaded('gd'))
{
trigger_error($user->lang['NO_GD']);
}
if (!($policy === 'policy_entropy' || $policy === 'policy_3dbitmap') && (!function_exists('imagettfbbox') || !function_exists('imagettftext')))
{
trigger_error($user->lang['NO_TTF']);
}
if (!in_array($policy, $policy_modules))
{
trigger_error($user->lang['BAD_POLICY']);
}
$user->add_lang('ucp');
include($phpbb_root_path . 'includes/captcha/captcha_gd.' . $phpEx);
$captcha = new captcha();
$captcha->execute(gen_rand_string(), $policy);
break;
}
}
}
?>
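Review bot: In the `visual` submit branch of `main()`, each setting is saved with `set_config($config_var, request_var($config_var, ''))`, so any string present in the request is written to the configuration for options that appear to be yes/no switches or small numeric noise levels. An integer default, `set_config($config_var, request_var($config_var, 0));`, makes request_var() cast the value and keeps non-numeric input out of the stored settings. In the `img` branch the `NO_TTF` check runs before `in_array($policy, $policy_modules)`, so an unknown policy name produces a misleading error on hosts without TrueType support; testing for `BAD_POLICY` first would avoid that.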


@ -68,7 +68,7 @@ class acp_database
@set_time_limit(1200);
$filename = time();
$filename = 'backup_' . time();
// We set up the info needed for our on-the-fly creation :D
switch ($format)
@ -135,6 +135,7 @@ class acp_database
{
case 'sqlite':
$sql_data .= "BEGIN TRANSACTION;\n";
$sqlite_version = sqlite_libversion();
break;
case 'postgres':
@ -143,7 +144,8 @@ class acp_database
case 'mssql':
case 'mssql_odbc':
$sql_data .= "BEGIN TRANSACTION\nGO\n";
$sql_data .= "BEGIN TRANSACTION\n";
$sql_data .= "GO\n";
break;
}
@ -157,14 +159,26 @@ class acp_database
case 'mysqli':
case 'mysql4':
case 'mysql':
case 'sqlite':
$sql_data .= '# Table: ' . $table_name . "\n";
$sql_data .= "DROP TABLE IF EXISTS $table_name;\n";
break;
case 'oracle':
$sql_data .= '# Table: ' . $table_name . "\n";
$sql_data .= "DROP TABLE $table_name;\n\\\n";
$sql_data .= "DROP TABLE $table_name;\n";
$sql_data .= '\\' . "\n";
break;
case 'sqlite':
$sql_data .= '# Table: ' . $table_name . "\n";
if (version_compare($sqlite_version, '3.0') == -1)
{
$sql_data .= "DROP TABLE $table_name;\n";
}
else
{
$sql_data .= "DROP TABLE IF EXISTS $table_name;\n";
}
break;
case 'postgres':
@ -177,11 +191,33 @@ class acp_database
case 'mssql_odbc':
$sql_data .= '# Table: ' . $table_name . "\n";
$sql_data .= "IF OBJECT_ID(N'$table_name', N'U') IS NOT NULL\n";
$sql_data .= "DROP TABLE $table_name;\nGO\n";
$sql_data .= "DROP TABLE $table_name;\n";
$sql_data .= "GO\n";
break;
}
$sql_data .= $this->get_table_structure($table_name);
}
// We might wanna empty out all that junk :D
else
{
switch (SQL_LAYER)
{
case 'mysqli':
case 'mysql4':
case 'mysql':
case 'mssql':
case 'mssql_odbc':
case 'oracle':
case 'postgres':
case 'firebird':
$sql_data .= 'TRUNCATE TABLE ' . $table_name . ";\n";
break;
case 'sqlite':
$sql_data .= 'DELETE FROM ' . $table_name . ";\n";
break;
}
}
// Now write the data for the first time. :)
if ($store == true)
{
@ -211,7 +247,8 @@ class acp_database
{
case 'mysqli':
$sql = "SELECT * FROM $table_name";
$sql = "SELECT *
FROM $table_name";
$result = mysqli_query($db->db_connect_id, $sql, MYSQLI_USE_RESULT);
if ($result != false)
{
@ -278,7 +315,8 @@ class acp_database
case 'mysql4':
case 'mysql':
$sql = "SELECT * FROM $table_name";
$sql = "SELECT *
FROM $table_name";
$result = mysql_unbuffered_query($sql, $db->db_connect_id);
if ($result != false)
@ -347,12 +385,48 @@ class acp_database
break;
case 'sqlite':
// This is *not* my fault. The PHP guys forgot a call to finalize when they wrote this function. This forces all the tables to stay locked...
// They finally fixed it in 5.1.3 but 5.1.2 and under still have this so instead, we go and grab the column types by smashing open the sqlite_master table
// and grope around for things that remind us of datatypes...
if (version_compare(phpversion(), '5.1.3', '>='))
{
$col_types = sqlite_fetch_column_types($db->db_connect_id, $table_name);
}
else
{
$sql = "SELECT sql
FROM sqlite_master
WHERE type = 'table'
AND name = '" . $table_name . "'";
$table_data = sqlite_single_query($db->db_connect_id, $sql);
$table_data = preg_replace('#CREATE\s+TABLE\s+"?' . $table_name . '"?#i', '', $table_data);
$table_data = trim($table_data);
$col_types = sqlite_fetch_column_types($table_name, $db->db_connect_id);
$sql = "SELECT * FROM $table_name";
$result = $db->sql_query($sql);
preg_match('#\((.*)\)#s', $table_data, $matches);
while ($row = $db->sql_fetchrow($result))
$column_list = array();
$table_cols = explode(',', trim($matches[1]));
foreach($table_cols as $declaration)
{
$entities = preg_split('#\s+#', trim($declaration));
$column_name = preg_replace('/"?([^"]+)"?/', '\1', $entities[0]);
// Hit a primary key, those are not what we need :D
if (empty($entities[1]))
{
continue;
}
$col_types[$column_name] = $entities[1];
}
}
// Unbueffered query and the foreach make this ultra fast, we wait for nothing.
$sql = "SELECT *
FROM $table_name";
$result = sqlite_unbuffered_query($db->db_connect_id, $sql);
$rows = sqlite_fetch_all($result, SQLITE_ASSOC);
foreach ($rows as $row)
{
$names = $data = array();
foreach ($row as $row_name => $row_data)
@ -405,7 +479,7 @@ class acp_database
// Grab all of the data from current table.
$sql = "SELECT *
FROM {$table_name}";
FROM $table_name";
$result = $db->sql_query($sql);
$i_num_fields = pg_num_fields($result);
@ -421,14 +495,14 @@ class acp_database
FROM pg_attrdef d, pg_class c
WHERE (c.relname = '{$table_name}')
AND (c.oid = d.adrelid)
AND d.adnum = " . strval($i+1);
AND d.adnum = " . strval($i + 1);
$result2 = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result2))
{
// Determine if we must reset the sequences
if (strpos($row['rowdefault'], 'nextval(\'') === 0)
if (strpos($row['rowdefault'], "nextval('") === 0)
{
$seq .= "SELECT SETVAL('{$table_name}_seq',(select case when max({$ary_name[$i]})>0 then max({$ary_name[$i]})+1 else 1 end from {$table_name}));\n";
$seq .= "SELECT SETVAL('{$table_name}_seq',(select case when max({$ary_name[$i]})>0 then max({$ary_name[$i]})+1 else 1 end FROM {$table_name}));\n";
}
}
}
@ -476,7 +550,7 @@ class acp_database
// Take the ordered fields and their associated data and build it
// into a valid sql statement to recreate that field in the data.
$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES(' . implode(', ', $schema_vals) . ");\n";
$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES (' . implode(', ', $schema_vals) . ");\n";
if ($store == true)
{
@ -526,7 +600,7 @@ class acp_database
// Grab all of the data from current table.
$sql = "SELECT *
FROM {$table_name}";
FROM $table_name";
$result = $db->sql_query($sql);
$retrieved_data = odbc_num_rows($result);
@ -534,8 +608,8 @@ class acp_database
if ($retrieved_data)
{
$sql = "SELECT 1 as has_identity
FROM INFORMATION_SCHEMA.COLUMNS
WHERE COLUMNPROPERTY(object_id('$table_name'), COLUMN_NAME, 'IsIdentity') = 1";
FROM INFORMATION_SCHEMA.COLUMNS
WHERE COLUMNPROPERTY(object_id('$table_name'), COLUMN_NAME, 'IsIdentity') = 1";
$result2 = $db->sql_query($sql);
$row2 = $db->sql_fetchrow($result2);
if (!empty($row2['has_identity']))
@ -597,7 +671,7 @@ class acp_database
// Take the ordered fields and their associated data and build it
// into a valid sql statement to recreate that field in the data.
$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES(' . implode(', ', $schema_vals) . ");\n";
$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES (' . implode(', ', $schema_vals) . ");\n";
if ($store == true)
{
@ -637,7 +711,7 @@ class acp_database
// Grab all of the data from current table.
$sql = "SELECT *
FROM {$table_name}";
FROM $table_name";
$result = $db->sql_query($sql);
$retrieved_data = mssql_num_rows($result);
@ -653,8 +727,8 @@ class acp_database
if ($retrieved_data)
{
$sql = "SELECT 1 as has_identity
FROM INFORMATION_SCHEMA.COLUMNS
WHERE COLUMNPROPERTY(object_id('$table_name'), COLUMN_NAME, 'IsIdentity') = 1";
FROM INFORMATION_SCHEMA.COLUMNS
WHERE COLUMNPROPERTY(object_id('$table_name'), COLUMN_NAME, 'IsIdentity') = 1";
$result2 = $db->sql_query($sql);
$row2 = $db->sql_fetchrow($result2);
if (!empty($row2['has_identity']))
@ -708,7 +782,7 @@ class acp_database
// Take the ordered fields and their associated data and build it
// into a valid sql statement to recreate that field in the data.
$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES(' . implode(', ', $schema_vals) . ");\n";
$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES (' . implode(', ', $schema_vals) . ");\n";
if ($store == true)
{
@ -748,7 +822,7 @@ class acp_database
// Grab all of the data from current table.
$sql = "SELECT *
FROM {$table_name}";
FROM $table_name";
$result = $db->sql_query($sql);
$i_num_fields = ibase_num_fields($result);
@ -803,7 +877,7 @@ class acp_database
// Take the ordered fields and their associated data and build it
// into a valid sql statement to recreate that field in the data.
$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES(' . implode(', ', $schema_vals) . ");\n";
$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES (' . implode(', ', $schema_vals) . ");\n";
if ($store == true)
{
@ -833,7 +907,7 @@ class acp_database
// Grab all of the data from current table.
$sql = "SELECT *
FROM {$table_name}";
FROM $table_name";
$result = $db->sql_query($sql);
$i_num_fields = ocinumcols($result);
@ -887,7 +961,7 @@ class acp_database
// Take the ordered fields and their associated data and build it
// into a valid sql statement to recreate that field in the data.
$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES(' . implode(', ', $schema_vals) . ");\n";
$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES (' . implode(', ', $schema_vals) . ");\n";
if ($store == true)
{
@ -987,9 +1061,9 @@ class acp_database
break;
case 'postgres':
$sql = "SELECT relname
$sql = 'SELECT relname
FROM pg_stat_user_tables
ORDER BY relname;";
ORDER BY relname';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
@ -1088,7 +1162,7 @@ class acp_database
$delete = request_var('delete', '');
$file = request_var('file', '');
preg_match('#^(\d{10})\.(sql(?:\.(?:gz|bz2))?)$#', $file, $matches);
preg_match('#^(backup_\d{10,})\.(sql(?:\.(?:gz|bz2))?)$#', $file, $matches);
$file_name = $phpbb_root_path . 'store/' . $matches[0];
if (!(file_exists($file_name) && is_readable($file_name)))
@ -1144,39 +1218,47 @@ class acp_database
{
// Strip out sql comments...
remove_remarks($data);
switch (SQL_LAYER)
// SQLite gets improved performance when you shove all of these disk write queries at once :D
if (SQL_LAYER == 'sqlite')
{
case 'firebird':
$delim = ';;';
break;
case 'mysql':
case 'mysql4':
case 'mysqli':
case 'sqlite':
case 'postgres':
$delim = ';';
break;
case 'oracle':
$delim = '/';
break;
case 'mssql':
case 'mssql-odbc':
$delim = 'GO';
break;
$db->sql_query($data);
}
$pieces = split_sql_file($data, $delim);
$sql_count = count($pieces);
for($i = 0; $i < $sql_count; $i++)
else
{
$sql = trim($pieces[$i]);
if (!empty($sql) && $sql[0] != '#')
switch (SQL_LAYER)
{
$db->sql_query($sql);
case 'firebird':
$delim = ';;';
break;
case 'mysql':
case 'mysql4':
case 'mysqli':
case 'postgres':
$delim = ';';
break;
case 'oracle':
$delim = '/';
break;
case 'mssql':
case 'mssql-odbc':
$delim = 'GO';
break;
}
$pieces = split_sql_file($data, $delim);
$sql_count = count($pieces);
for($i = 0; $i < $sql_count; $i++)
{
$sql = trim($pieces[$i]);
if (!empty($sql) && $sql[0] != '#')
{
$db->sql_query($sql);
}
}
}
}
@ -1202,7 +1284,7 @@ class acp_database
$dh = opendir($dir);
while (($file = readdir($dh)) !== false)
{
if (preg_match('#^(\d{10})\.(sql(?:\.(?:gz|bz2))?)$#', $file, $matches))
if (preg_match('#^backup_(\d{10,})\.(sql(?:\.(?:gz|bz2))?)$#', $file, $matches))
{
$supported = in_array($matches[2], $methods);
@ -1278,7 +1360,10 @@ class acp_database
}
$db->sql_freeresult($result);
$result = $db->sql_query("SHOW KEYS FROM $table_name");
$sql = "SHOW KEYS
FROM $table_name";
$result = $db->sql_query($sql);
$index = array();
while ($row = $db->sql_fetchrow($result))
@ -1403,11 +1488,12 @@ class acp_database
// We don't even care about storing the results. We already know the answer if we get rows back.
if ($db->sql_fetchrow($result))
{
$sql_data .= "DROP SEQUENCE {$table_name}_seq;\n";
$sql_data .= "CREATE SEQUENCE {$table_name}_seq;\n";
}
$db->sql_freeresult($result);
$field_query = "SELECT a.attnum, a.attname AS field, t.typname as type, a.attlen AS length, a.atttypmod as lengthvar, a.attnotnull as notnull
$field_query = "SELECT a.attnum, a.attname as field, t.typname as type, a.attlen as length, a.atttypmod as lengthvar, a.attnotnull as notnull
FROM pg_class c, pg_attribute a, pg_type t
WHERE c.relname = '" . $db->sql_escape($table_name) . "'
AND a.attnum > 0
@ -1477,7 +1563,7 @@ class acp_database
// Get the listing of primary keys.
$sql_pri_keys = "SELECT ic.relname AS index_name, bc.relname AS tab_name, ta.attname AS column_name, i.indisunique AS unique_key, i.indisprimary AS primary_key
$sql_pri_keys = "SELECT ic.relname as index_name, bc.relname as tab_name, ta.attname as column_name, i.indisunique as unique_key, i.indisprimary as primary_key
FROM pg_class bc, pg_class ic, pg_index i, pg_attribute ta, pg_attribute ia
WHERE (bc.oid = i.indrelid)
AND (ic.oid = i.indexrelid)
@ -1486,7 +1572,8 @@ class acp_database
AND (bc.relname = '" . $db->sql_escape($table_name) . "')
AND (ta.attrelid = i.indrelid)
AND (ta.attnum = i.indkey[ia.attnum-1])
ORDER BY index_name, tab_name, column_name ";
ORDER BY index_name, tab_name, column_name";
$result = $db->sql_query($sql_pri_keys);
$index_create = $index_rows = $primary_key = array();
@ -1599,7 +1686,7 @@ class acp_database
if ($row['COLUMN_DEFAULT'])
{
$line .= ' CONSTRAINT [DF_' . $table_name . '_' . $row['COLUMN_NAME'] . '] DEFAULT ' . $row['COLUMN_DEFAULT'];
$line .= ' DEFAULT ' . $row['COLUMN_DEFAULT'];
}
$rows[] = $line;
@ -1666,7 +1753,7 @@ class acp_database
$sql_data .= "\nCREATE TABLE $table_name (\n";
$sql = 'SELECT DISTINCT R.RDB$FIELD_NAME AS FNAME, R.RDB$NULL_FLAG AS NFLAG, R.RDB$DEFAULT_SOURCE AS DSOURCE, F.RDB$FIELD_TYPE AS FTYPE, F.RDB$FIELD_SUB_TYPE AS STYPE, F.RDB$FIELD_LENGTH AS FLEN
$sql = 'SELECT DISTINCT R.RDB$FIELD_NAME as FNAME, R.RDB$NULL_FLAG as NFLAG, R.RDB$DEFAULT_SOURCE as DSOURCE, F.RDB$FIELD_TYPE as FTYPE, F.RDB$FIELD_SUB_TYPE as STYPE, F.RDB$FIELD_LENGTH as FLEN
FROM RDB$RELATION_FIELDS R
JOIN RDB$FIELDS F ON R.RDB$FIELD_SOURCE=F.RDB$FIELD_NAME
LEFT JOIN RDB$FIELD_DIMENSIONS D ON R.RDB$FIELD_SOURCE = D.RDB$FIELD_NAME
@ -1727,7 +1814,7 @@ class acp_database
$db->sql_freeresult($result);
$sql = 'SELECT I.RDB$INDEX_NAME AS INAME, I.RDB$UNIQUE_FLAG AS UFLAG, S.RDB$FIELD_NAME AS FNAME
$sql = 'SELECT I.RDB$INDEX_NAME as INAME, I.RDB$UNIQUE_FLAG as UFLAG, S.RDB$FIELD_NAME as FNAME
FROM RDB$INDICES I JOIN RDB$INDEX_SEGMENTS S ON S.RDB$INDEX_NAME=I.RDB$INDEX_NAME
WHERE (I.RDB$SYSTEM_FLAG IS NULL OR I.RDB$SYSTEM_FLAG=0)
AND I.RDB$FOREIGN_KEY IS NULL
@ -1771,7 +1858,7 @@ class acp_database
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$sql = 'SELECT T1.RDB$DEPENDED_ON_NAME AS GEN, T1.RDB$FIELD_NAME, T1.RDB$DEPENDED_ON_TYPE
$sql = 'SELECT T1.RDB$DEPENDED_ON_NAME as GEN, T1.RDB$FIELD_NAME, T1.RDB$DEPENDED_ON_TYPE
FROM RDB$DEPENDENCIES T1
WHERE (T1.RDB$DEPENDENT_NAME = \'' . $row['dname'] . '\')
AND (T1.RDB$DEPENDENT_TYPE = 2 AND T1.RDB$DEPENDED_ON_TYPE = 14)
@ -1800,7 +1887,9 @@ class acp_database
case 'oracle':
$sql_data .= "\nCREATE TABLE $table_name (\n";
$sql = "SELECT COLUMN_NAME, DATA_TYPE, DATA_PRECISION, DATA_LENGTH, NULLABLE, DATA_DEFAULT from ALL_TAB_COLS where table_name = '{$table_name}'";
$sql = "SELECT COLUMN_NAME, DATA_TYPE, DATA_PRECISION, DATA_LENGTH, NULLABLE, DATA_DEFAULT
FROM ALL_TAB_COLS
WHERE table_name = '{$table_name}'";
$result = $db->sql_query($sql);
$rows = array();
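Review bot: The return value of `preg_match()` is not checked before `$matches[0]` is used to build `$file_name`, in the hunk that reads the backup name with `request_var('file', '')`. When `$file` does not match the `backup_` pattern, `$matches` is empty and `$file_name` is just `$phpbb_root_path . 'store/'`, which probably passes the following `file_exists()`/`is_readable()` test because the directory itself exists. Guarding with `if (!preg_match('#^(backup_\d{10,})\.(sql(?:\.(?:gz|bz2))?)$#', $file, $matches))` and leaving through the same error path as the unreadable-file branch keeps later code from operating on the directory. The enclosing code continues outside the hunk, so what the delete and download paths then do with `$file_name` is not visible here.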


@ -55,13 +55,11 @@ class acp_email
{
if ($usernames)
{
$usernames = implode(', ', preg_replace('#^[\s]*?(.*?)[\s]*?$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", explode("\n", $usernames)));
$sql = 'SELECT username, user_email, user_jabber, user_notify_type, user_lang
FROM ' . USERS_TABLE . "
WHERE username IN ($usernames)
FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set('username', explode("\n", $usernames)) . '
AND user_allow_massemail = 1
ORDER BY user_lang, user_notify_type"; // , SUBSTRING(user_email FROM INSTR(user_email, '@'))
ORDER BY user_lang, user_notify_type'; // , SUBSTRING(user_email FROM INSTR(user_email, '@'))
}
else
{
@ -85,10 +83,10 @@ class acp_email
}
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$row)
{
$db->sql_freeresult($result);
trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action));
}
@ -159,6 +157,7 @@ class acp_email
$messenger->assign_vars(array(
'SITENAME' => $config['sitename'],
'CONTACT_EMAIL' => $config['board_contact'],
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
'MESSAGE' => html_entity_decode($message))
);
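Review bot: The new `$db->sql_in_set('username', explode("\n", $usernames))` no longer trims each entry, which the removed `preg_replace` did through its `^[\s]*?(.*?)[\s]*?$` pattern. A name with a leading or trailing space, a stray carriage return, or a blank line in the textarea is now compared literally, so intended recipients can be skipped without any message. Normalising the list before the query, for example `array_map('trim', explode("\n", $usernames))` with empty entries dropped, restores the earlier matching. Whether request_var() already normalises line endings is not visible in this hunk.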


@ -99,10 +99,12 @@ class acp_forums
'forum_link_track' => request_var('forum_link_track', false),
'forum_desc' => request_var('forum_desc', '', true),
'forum_desc_uid' => '',
'forum_desc_bitfield' => 0,
'forum_desc_options' => 0,
'forum_desc_bitfield' => '',
'forum_rules' => request_var('forum_rules', '', true),
'forum_rules_uid' => '',
'forum_rules_bitfield' => 0,
'forum_rules_options' => 0,
'forum_rules_bitfield' => '',
'forum_rules_link' => request_var('forum_rules_link', ''),
'forum_image' => request_var('forum_image', ''),
'forum_style' => request_var('forum_style', 0),
@ -111,6 +113,7 @@ class acp_forums
'enable_indexing' => request_var('enable_indexing',true),
'enable_icons' => request_var('enable_icons', false),
'enable_prune' => request_var('enable_prune', false),
'enable_post_review' => request_var('enable_post_review', true),
'prune_days' => request_var('prune_days', 7),
'prune_viewed' => request_var('prune_viewed', 7),
'prune_freq' => request_var('prune_freq', 1),
@ -126,13 +129,13 @@ class acp_forums
// Get data for forum rules if specified...
if ($forum_data['forum_rules'])
{
generate_text_for_storage($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield'], request_var('rules_parse_bbcode', false), request_var('rules_parse_urls', false), request_var('rules_parse_smilies', false));
generate_text_for_storage($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield'], $forum_data['forum_rules_options'], request_var('rules_parse_bbcode', false), request_var('rules_parse_urls', false), request_var('rules_parse_smilies', false));
}
// Get data for forum description if specified
if ($forum_data['forum_desc'])
{
generate_text_for_storage($forum_data['forum_desc'], $forum_data['forum_desc_uid'], $forum_data['forum_desc_bitfield'], request_var('desc_parse_bbcode', false), request_var('desc_parse_urls', false), request_var('desc_parse_smilies', false));
generate_text_for_storage($forum_data['forum_desc'], $forum_data['forum_desc_uid'], $forum_data['forum_desc_bitfield'], $forum_data['forum_desc_options'], request_var('desc_parse_bbcode', false), request_var('desc_parse_urls', false), request_var('desc_parse_smilies', false));
}
$errors = $this->update_forum_data($forum_data);
@ -142,8 +145,20 @@ class acp_forums
$forum_perm_from = request_var('forum_perm_from', 0);
// Copy permissions?
if ($forum_perm_from && $action == 'add')
if ($forum_perm_from)
{
// if we edit a forum delete current permissions first
if ($action == 'edit')
{
$sql = 'DELETE FROM ' . ACL_USERS_TABLE . '
WHERE forum_id = ' . (int) $forum_data['forum_id'];
$db->sql_query($sql);
$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . '
WHERE forum_id = ' . (int) $forum_data['forum_id'];
$db->sql_query($sql);
}
// From the mysql documentation:
// Prior to MySQL 4.0.14, the target table of the INSERT statement cannot appear in the FROM clause of the SELECT part of the query. This limitation is lifted in 4.0.14.
// Due to this we stay on the safe side if we do the insertion "the manual way"
@ -281,7 +296,7 @@ class acp_forums
trigger_error($user->lang['NO_FORUM'] . adm_back_link($this->u_action . '&amp;parent_id=' . $this->parent_id));
}
$sql = 'SELECT forum_name
$sql = 'SELECT forum_name, forum_type
FROM ' . FORUMS_TABLE . "
WHERE forum_id = $forum_id";
$result = $db->sql_query($sql);
@ -306,12 +321,13 @@ class acp_forums
if ($update)
{
$forum_data['forum_flags'] = 0;
$forum_data['forum_flags'] += (request_var('forum_link_track', false)) ? 1 : 0;
$forum_data['forum_flags'] += (request_var('prune_old_polls', false)) ? 2 : 0;
$forum_data['forum_flags'] += (request_var('prune_announce', false)) ? 4 : 0;
$forum_data['forum_flags'] += (request_var('prune_sticky', false)) ? 8 : 0;
$forum_data['forum_flags'] += ($forum_data['show_active']) ? 16 : 0;
$forum_data['forum_flags'] = 0;
$forum_data['forum_flags'] += (request_var('forum_link_track', false)) ? 1 : 0;
$forum_data['forum_flags'] += (request_var('prune_old_polls', false)) ? 2 : 0;
$forum_data['forum_flags'] += (request_var('prune_announce', false)) ? 4 : 0;
$forum_data['forum_flags'] += (request_var('prune_sticky', false)) ? 8 : 0;
$forum_data['forum_flags'] += ($forum_data['show_active']) ? 16 : 0;
$forum_data['forum_flags'] += (request_var('enable_post_review', true)) ? 32 : 0;
}
// Show form to create/modify a forum
@ -326,7 +342,20 @@ class acp_forums
$forum_data = $row;
}
$parents_list = make_forum_select($forum_data['parent_id'], $forum_id, false, false, false);
// Make sure there is no forum displayed for parents_list having the current forum id as a parent...
$sql = 'SELECT forum_id
FROM ' . FORUMS_TABLE . '
WHERE parent_id = ' . $forum_id;
$result = $db->sql_query($sql);
$exclude_forums = array($forum_id);
while ($row = $db->sql_fetchrow($result))
{
$exclude_forums[] = $row['forum_id'];
}
$db->sql_freeresult($result);
$parents_list = make_forum_select($forum_data['parent_id'], $exclude_forums, false, false, false);
$forum_data['forum_password_confirm'] = $forum_data['forum_password'];
}
@ -390,16 +419,17 @@ class acp_forums
{
// Before we are able to display the preview and plane text, we need to parse our request_var()'d value...
$forum_data['forum_rules_uid'] = '';
$forum_data['forum_rules_bitfield'] = 0;
$forum_data['forum_rules_bitfield'] = '';
$forum_data['forum_rules_options'] = 0;
generate_text_for_storage($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield'], request_var('rules_allow_bbcode', false), request_var('rules_allow_urls', false), request_var('rules_allow_smiliess', false));
generate_text_for_storage($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield'], $forum_data['forum_rules_options'], request_var('rules_allow_bbcode', false), request_var('rules_allow_urls', false), request_var('rules_allow_smiliess', false));
}
// Generate preview content
$forum_rules_preview = generate_text_for_display($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield']);
$forum_rules_preview = generate_text_for_display($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield'], $forum_data['forum_rules_options']);
// decode...
$forum_rules_data = generate_text_for_edit($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield']);
$forum_rules_data = generate_text_for_edit($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_options']);
}
// Parse desciption if specified
@ -409,13 +439,14 @@ class acp_forums
{
// Before we are able to display the preview and plane text, we need to parse our request_var()'d value...
$forum_data['forum_desc_uid'] = '';
$forum_data['forum_desc_bitfield'] = 0;
$forum_data['forum_desc_bitfield'] = '';
$forum_data['forum_desc_options'] = 0;
generate_text_for_storage($forum_data['forum_desc'], $forum_data['forum_desc_uid'], $forum_data['forum_desc_bitfield'], request_var('desc_allow_bbcode', false), request_var('desc_allow_urls', false), request_var('desc_allow_smiliess', false));
generate_text_for_storage($forum_data['forum_desc'], $forum_data['forum_desc_uid'], $forum_data['forum_desc_bitfield'], $forum_data['forum_desc_options'], request_var('desc_allow_bbcode', false), request_var('desc_allow_urls', false), request_var('desc_allow_smiliess', false));
}
// decode...
$forum_desc_data = generate_text_for_edit($forum_data['forum_desc'], $forum_data['forum_desc_uid'], $forum_data['forum_desc_bitfield']);
$forum_desc_data = generate_text_for_edit($forum_data['forum_desc'], $forum_data['forum_desc_uid'], $forum_data['forum_desc_options']);
}
$forum_type_options = '';
@ -468,8 +499,9 @@ class acp_forums
'U_BACK' => $this->u_action . '&amp;parent_id=' . $this->parent_id,
'U_EDIT_ACTION' => $this->u_action . "&amp;parent_id={$this->parent_id}&amp;action=$action&amp;f=$forum_id",
'L_TITLE' => $user->lang[$this->page_title],
'ERROR_MSG' => (sizeof($errors)) ? implode('<br />', $errors) : '',
'L_COPY_PERMISSIONS_EXPLAIN' => $user->lang['COPY_PERMISSIONS_' . strtoupper($action) . '_EXPLAIN'],
'L_TITLE' => $user->lang[$this->page_title],
'ERROR_MSG' => (sizeof($errors)) ? implode('<br />', $errors) : '',
'FORUM_NAME' => $forum_data['forum_name'],
'FORUM_DATA_LINK' => $forum_data['forum_link'],
@ -501,21 +533,22 @@ class acp_forums
'S_STATUS_OPTIONS' => $statuslist,
'S_PARENT_OPTIONS' => $parents_list,
'S_STYLES_OPTIONS' => $styles_list,
'S_FORUM_OPTIONS' => make_forum_select(false, false, false),
'S_FORUM_OPTIONS' => make_forum_select(($action == 'add') ? $forum_data['parent_id'] : false, false, false, false, false),
'S_SHOW_DISPLAY_ON_INDEX' => $s_show_display_on_index,
'S_FORUM_POST' => ($forum_data['forum_type'] == FORUM_POST) ? true : false,
'S_FORUM_ORIG_POST' => (isset($old_forum_type) && $old_forum_type == FORUM_POST) ? true : false,
'S_FORUM_LINK' => ($forum_data['forum_type'] == FORUM_LINK) ? true : false,
'S_FORUM_CAT' => ($forum_data['forum_type'] == FORUM_CAT) ? true : false,
'S_FORUM_LINK_TRACK' => ($forum_data['forum_flags'] & 1) ? true : false,
'S_ENABLE_INDEXING' => ($forum_data['enable_indexing']) ? true : false,
'S_TOPIC_ICONS' => ($forum_data['enable_icons']) ? true : false,
'S_DISPLAY_ON_INDEX' => ($forum_data['display_on_index']) ? true : false,
'S_PRUNE_ENABLE' => ($forum_data['enable_prune']) ? true : false,
'S_FORUM_LINK_TRACK' => ($forum_data['forum_flags'] & 1) ? true : false,
'S_PRUNE_OLD_POLLS' => ($forum_data['forum_flags'] & 2) ? true : false,
'S_PRUNE_ANNOUNCE' => ($forum_data['forum_flags'] & 4) ? true : false,
'S_PRUNE_STICKY' => ($forum_data['forum_flags'] & 8) ? true : false,
'S_DISPLAY_ACTIVE_TOPICS' => ($forum_data['forum_flags'] & 16) ? true : false,
'S_ENABLE_POST_REVIEW' => ($forum_data['forum_flags'] & 32) ? true : false,
)
);
@ -645,7 +678,7 @@ class acp_forums
$template->assign_block_vars('forums', array(
'FOLDER_IMAGE' => $folder_image,
'FORUM_NAME' => $row['forum_name'],
'FORUM_DESCRIPTION' => generate_text_for_display($row['forum_desc'], $row['forum_desc_uid'], $row['forum_desc_bitfield']),
'FORUM_DESCRIPTION' => generate_text_for_display($row['forum_desc'], $row['forum_desc_uid'], $row['forum_desc_bitfield'], $row['forum_desc_options']),
'FORUM_TOPICS' => $row['forum_topics'],
'FORUM_POSTS' => $row['forum_posts'],
@ -744,12 +777,14 @@ class acp_forums
// 4 = prune announcements
// 8 = prune stickies
// 16 = show active topics
// 32 = enable post review
$forum_data['forum_flags'] = 0;
$forum_data['forum_flags'] += ($forum_data['forum_link_track']) ? 1 : 0;
$forum_data['forum_flags'] += ($forum_data['prune_old_polls']) ? 2 : 0;
$forum_data['forum_flags'] += ($forum_data['prune_announce']) ? 4 : 0;
$forum_data['forum_flags'] += ($forum_data['prune_sticky']) ? 8 : 0;
$forum_data['forum_flags'] += ($forum_data['show_active']) ? 16 : 0;
$forum_data['forum_flags'] += ($forum_data['enable_post_review']) ? 32 : 0;
// Unset data that are not database fields
$forum_data_sql = $forum_data;
@ -759,6 +794,7 @@ class acp_forums
unset($forum_data_sql['prune_announce']);
unset($forum_data_sql['prune_sticky']);
unset($forum_data_sql['show_active']);
unset($forum_data_sql['enable_post_review']);
unset($forum_data_sql['forum_password_confirm']);
// What are we going to do tonight Brain? The same thing we do everynight,
@ -935,14 +971,14 @@ class acp_forums
$sql = 'UPDATE ' . FORUMS_TABLE . "
SET right_id = right_id + $diff, forum_parents = ''
WHERE " . $to_data['right_id'] . ' BETWEEN left_id AND right_id
AND forum_id NOT IN (' . implode(', ', $moved_ids) . ')';
AND ' . $db->sql_in_set('forum_id', $moved_ids, true);
$db->sql_query($sql);
// Resync the righthand side of the tree
$sql = 'UPDATE ' . FORUMS_TABLE . "
SET left_id = left_id + $diff, right_id = right_id + $diff, forum_parents = ''
WHERE left_id > " . $to_data['right_id'] . '
AND forum_id NOT IN (' . implode(', ', $moved_ids) . ')';
AND ' . $db->sql_in_set('forum_id', $moved_ids, true);
$db->sql_query($sql);
// Resync moved branch
@ -961,7 +997,7 @@ class acp_forums
{
$sql = 'SELECT MAX(right_id) AS right_id
FROM ' . FORUMS_TABLE . '
WHERE forum_id NOT IN (' . implode(', ', $moved_ids) . ')';
WHERE ' . $db->sql_in_set('forum_id', $moved_ids, true);
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
@ -971,7 +1007,7 @@ class acp_forums
$sql = 'UPDATE ' . FORUMS_TABLE . "
SET left_id = left_id $diff, right_id = right_id $diff, forum_parents = ''
WHERE forum_id IN (" . implode(', ', $moved_ids) . ')';
WHERE " . $db->sql_in_set('forum_id', $moved_ids);
$db->sql_query($sql);
}
@ -982,7 +1018,7 @@ class acp_forums
{
global $db;
$table_ary = array(LOG_TABLE, POSTS_TABLE, TOPICS_TABLE, DRAFTS_TABLE, TOPICS_TRACK_TABLE);
$table_ary = array(ACL_GROUPS_TABLE, ACL_USERS_TABLE, LOG_TABLE, POSTS_TABLE, TOPICS_TABLE, DRAFTS_TABLE, TOPICS_TRACK_TABLE);
foreach ($table_ary as $table)
{
@ -1023,6 +1059,7 @@ class acp_forums
$errors = array();
$log_action_posts = $log_action_forums = $posts_to_name = $subforums_to_name = '';
$forum_ids = array($forum_id);
if ($action_posts == 'delete')
{
@ -1066,8 +1103,6 @@ class acp_forums
if ($action_subforums == 'delete')
{
$log_action_forums = 'FORUMS';
$forum_ids = array($forum_id);
$rows = get_forum_branch($forum_id, 'children', 'descending', false);
foreach ($rows as $row)
@ -1084,7 +1119,7 @@ class acp_forums
$diff = sizeof($forum_ids) * 2;
$sql = 'DELETE FROM ' . FORUMS_TABLE . '
WHERE forum_id IN (' . implode(', ', $forum_ids) . ')';
WHERE ' . $db->sql_in_set('forum_id', $forum_ids);
$db->sql_query($sql);
}
else if ($action_subforums == 'move')
@ -1159,11 +1194,6 @@ class acp_forums
WHERE left_id > {$forum_data['right_id']}";
$db->sql_query($sql);
if (!isset($forum_ids) || !is_array($forum_ids))
{
$forum_ids = array($forum_id);
}
// Delete forum ids from extension groups table
$sql = 'SELECT group_id, allowed_forums
FROM ' . EXTENSION_GROUPS_TABLE;
@ -1332,11 +1362,10 @@ class acp_forums
if (sizeof($ids))
{
$start += sizeof($ids);
$id_list = implode(', ', $ids);
foreach ($tables as $table)
{
$db->sql_query("DELETE FROM $table WHERE $field IN ($id_list)");
$db->sql_query("DELETE FROM $table WHERE " . $db->sql_in_set($field, $id_list));
}
}
}
@ -1364,6 +1393,43 @@ class acp_forums
$db->sql_transaction('commit');
// Make sure the overall post/topic count is correct...
$sql = 'SELECT COUNT(post_id) AS stat
FROM ' . POSTS_TABLE . '
WHERE post_approved = 1';
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
set_config('num_posts', (int) $row['stat'], true);
$sql = 'SELECT COUNT(topic_id) AS stat
FROM ' . TOPICS_TABLE . '
WHERE topic_approved = 1';
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
set_config('num_topics', (int) $row['stat'], true);
$sql = 'SELECT COUNT(attach_id) as stat
FROM ' . ATTACHMENTS_TABLE;
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
set_config('num_files', (int) $row['stat'], true);
$sql = 'SELECT SUM(filesize) as stat
FROM ' . ATTACHMENTS_TABLE;
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
set_config('upload_dir_size', (int) $row['stat'], true);
add_log('admin', 'LOG_RESYNC_STATS');
return array();
}


@ -85,7 +85,7 @@ class acp_groups
break;
}
trigger_error($user->lang[$message] . adm_back_link($this->u_action));
trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&amp;action=list&amp;g=' . $group_id));
break;
case 'default':
@ -134,7 +134,7 @@ class acp_groups
group_user_attributes('default', $group_id, $mark_ary, false, $group_row['group_name'], $group_row);
}
trigger_error($user->lang['GROUP_DEFS_UPDATED'] . adm_back_link($this->u_action));
trigger_error($user->lang['GROUP_DEFS_UPDATED'] . adm_back_link($this->u_action . '&amp;action=list&amp;g=' . $group_id));
}
else
{
@ -176,13 +176,15 @@ class acp_groups
break;
}
$back_link = ($action == 'delete') ? $this->u_action : $this->u_action . '&amp;action=list&amp;g=' . $group_id;
if ($error)
{
trigger_error($user->lang[$error] . adm_back_link($this->u_action));
trigger_error($user->lang[$error] . adm_back_link($back_link));
}
$message = ($action == 'delete') ? 'GROUP_DELETED' : 'GROUP_USERS_REMOVE';
trigger_error($user->lang[$message] . adm_back_link($this->u_action));
trigger_error($user->lang[$message] . adm_back_link($back_link));
}
else
{
@ -204,7 +206,7 @@ class acp_groups
if (!$name_ary)
{
trigger_error($user->lang['NO_USERS'] . adm_back_link($this->u_action));
trigger_error($user->lang['NO_USERS'] . adm_back_link($this->u_action . '&amp;action=list&amp;g=' . $group_id));
}
$name_ary = array_unique(explode("\n", $name_ary));
@ -212,11 +214,11 @@ class acp_groups
// Add user/s to group
if ($error = group_user_add($group_id, false, $name_ary, $group_row['group_name'], $default, $leader, 0, $group_row))
{
trigger_error($user->lang[$error] . adm_back_link($this->u_action));
trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&amp;action=list&amp;g=' . $group_id));
}
$message = ($action == 'addleaders') ? 'GROUP_MODS_ADDED' : 'GROUP_USERS_ADDED';
trigger_error($user->lang[$message] . adm_back_link($this->u_action));
trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&amp;action=list&amp;g=' . $group_id));
break;
case 'edit':
@ -418,7 +420,7 @@ class acp_groups
else
{
$group_name = $group_row['group_name'];
$group_desc_data = generate_text_for_edit($group_row['group_desc'], $group_row['group_desc_uid'], $group_row['group_desc_bitfield']);
$group_desc_data = generate_text_for_edit($group_row['group_desc'], $group_row['group_desc_uid'], $group_row['group_desc_options']);
$group_type = $group_row['group_type'];
$group_rank = $group_row['group_rank'];
}
@ -607,10 +609,12 @@ class acp_groups
'S_ON_PAGE' => on_page($total_members, $config['topics_per_page'], $start),
'PAGINATION' => generate_pagination($this->u_action . "&amp;action=$action&amp;g=$group_id", $total_members, $config['topics_per_page'], $start, true),
'GROUP_NAME' => ($group_row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name'],
'U_ACTION' => $this->u_action . "&amp;g=$group_id",
'U_BACK' => $this->u_action,
'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=list&amp;field=usernames'))
'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=list&amp;field=usernames'),
'U_DEFAULT_ALL' => "{$this->u_action}&amp;action=default&amp;g=$group_id")
);
foreach ($group_data['leader'] as $row)
@ -701,7 +705,6 @@ class acp_groups
$template->assign_block_vars('groups', array(
'U_LIST' => "{$this->u_action}&amp;action=list&amp;g=$group_id",
'U_DEFAULT' => "{$this->u_action}&amp;action=default&amp;g=$group_id",
'U_EDIT' => "{$this->u_action}&amp;action=edit&amp;g=$group_id",
'U_DELETE' => ($auth->acl_get('a_groupdel')) ? "{$this->u_action}&amp;action=delete&amp;g=$group_id" : '',
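Review bot: The list-view back link `$this->u_action . '&amp;action=list&amp;g=' . $group_id` is now spelled out in five `trigger_error()` calls across this file's hunks, while the delete/deleteusers hunk builds the same expression into `$back_link`. Computing it once would keep the calls from drifting apart, e.g. `$list_link = $this->u_action . '&amp;action=list&amp;g=' . (int) $group_id;`, with each call reduced to `adm_back_link($list_link)`. The assignment of `$group_id` is outside the visible hunks, so the `(int)` cast is a precaution in case it is not already an integer there. The enclosing method starts and ends outside these hunks.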


@ -108,44 +108,41 @@ class acp_icons
ORDER BY {$fields}_order " . (($icon_id || $action == 'add') ? 'DESC' : 'ASC');
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result))
while ($row = $db->sql_fetchrow($result))
{
do
if ($action == 'add')
{
if ($action == 'add')
{
unset($_images[$row[$fields . '_url']]);
}
unset($_images[$row[$fields . '_url']]);
}
if ($row[$fields . '_id'] == $icon_id)
if ($row[$fields . '_id'] == $icon_id)
{
$after = true;
$data[$row[$fields . '_url']] = $row;
}
else
{
if ($action == 'edit' && !$icon_id)
{
$after = true;
$data[$row[$fields . '_url']] = $row;
}
else
$selected = '';
if (!empty($after))
{
if ($action == 'edit' && !$icon_id)
{
$data[$row[$fields . '_url']] = $row;
}
$selected = '';
if (!empty($after))
{
$selected = ' selected="selected"';
$after = false;
}
$after_txt = ($mode == 'smilies') ? $row['code'] : $row['icons_url'];
$order_list = '<option value="' . ($row[$fields . '_order']) . '"' . $selected . '>' . sprintf($user->lang['AFTER_' . $lang], ' -&gt; ' . htmlspecialchars($after_txt)) . '</option>' . $order_list;
$selected = ' selected="selected"';
$after = false;
}
$after_txt = ($mode == 'smilies') ? $row['code'] : $row['icons_url'];
$order_list = '<option value="' . ($row[$fields . '_order']) . '"' . $selected . '>' . sprintf($user->lang['AFTER_' . $lang], ' -&gt; ' . htmlspecialchars($after_txt)) . '</option>' . $order_list;
}
while ($row = $db->sql_fetchrow($result));
}
$db->sql_freeresult($result);
$order_list = '<option value="1"' . ((!isset($after)) ? ' selected="selected"' : '') . '>' . $user->lang['FIRST'] . '</option>' . $order_list;
$data = array();
if ($action == 'add')
{
$data = $_images;
@ -231,17 +228,17 @@ class acp_icons
}
$img_sql = array(
$fields . '_url' => $image,
$fields . '_width' => $image_width[$image],
$fields . '_height' => $image_height[$image],
'display_on_posting'=> (isset($image_display_on_posting[$image])) ? 1 : 0,
$fields . '_url' => $image,
$fields . '_width' => $image_width[$image],
$fields . '_height' => $image_height[$image],
'display_on_posting' => (isset($image_display_on_posting[$image])) ? 1 : 0,
);
if ($mode == 'smilies')
{
$img_sql = array_merge($img_sql, array(
'emotion' => $image_emotion[$image],
'code' => $image_code[$image])
'emotion' => $image_emotion[$image],
'code' => $image_code[$image])
);
}
@ -351,7 +348,10 @@ class acp_icons
$cur_img = array();
$field_sql = ($mode == 'smilies') ? 'code' : 'icons_url';
$result = $db->sql_query("SELECT $field_sql FROM $table");
$sql = "SELECT $field_sql
FROM $table";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
@ -371,8 +371,8 @@ class acp_icons
$data = array();
if (preg_match_all("#'(.*?)', #", $pak_entry, $data))
{
if ((sizeof($data[1]) != 3 && $mode == 'icons') ||
(sizeof($data[1]) != 5 && $mode == 'smilies'))
if ((sizeof($data[1]) != 4 && $mode == 'icons') ||
(sizeof($data[1]) != 6 && $mode == 'smilies'))
{
trigger_error($user->lang['WRONG_PAK_TYPE'] . adm_back_link($this->u_action));
}
@ -381,11 +381,12 @@ class acp_icons
$img = stripslashes($data[1][0]);
$width = stripslashes($data[1][1]);
$height = stripslashes($data[1][2]);
$display_on_posting = stripslashes($data[1][3]);
if (isset($data[1][3]) && isset($data[1][4]))
if (isset($data[1][4]) && isset($data[1][5]))
{
$emotion = stripslashes($data[1][3]);
$code = stripslashes($data[1][4]);
$emotion = stripslashes($data[1][4]);
$code = stripslashes($data[1][5]);
}
if ($current == 'replace' &&
@ -394,15 +395,16 @@ class acp_icons
{
$replace_sql = ($mode == 'smilies') ? $code : $img;
$sql = array(
$fields . '_url' => $img,
$fields . '_height' => (int) $height,
$fields . '_width' => (int) $width,
$fields . '_url' => $img,
$fields . '_height' => (int) $height,
$fields . '_width' => (int) $width,
'display_on_posting' => (int) $display_on_posting,
);
if ($mode == 'smilies')
{
$sql = array_merge($sql, array(
'emotion' => $emotion
'emotion' => $emotion,
));
}
@ -415,17 +417,18 @@ class acp_icons
++$order;
$sql = array(
$fields . '_url' => $img,
$fields . '_height' => (int) $height,
$fields . '_width' => (int) $width,
$fields . '_order' => (int) $order,
$fields . '_url' => $img,
$fields . '_height' => (int) $height,
$fields . '_width' => (int) $width,
$fields . '_order' => (int) $order,
'display_on_posting'=> (int) $display_on_posting,
);
if ($mode == 'smilies')
{
$sql = array_merge($sql, array(
'code' => $code,
'emotion' => $emotion
'code' => $code,
'emotion' => $emotion,
));
}
$db->sql_query("INSERT INTO $table " . $db->sql_build_array('INSERT', $sql));
@ -492,6 +495,7 @@ class acp_icons
$pak .= "'" . addslashes($row[$fields . '_url']) . "', ";
$pak .= "'" . addslashes($row[$fields . '_width']) . "', ";
$pak .= "'" . addslashes($row[$fields . '_height']) . "', ";
$pak .= "'" . addslashes($row['display_on_posting']) . "', ";
if ($mode == 'smilies')
{
@ -505,7 +509,7 @@ class acp_icons
if ($pak != '')
{
$db->sql_close();
garbage_collection();
header('Pragma: public');
@ -519,15 +523,16 @@ class acp_icons
}
else
{
trigger_error($user->lang['NO_' . $fields . '_EXPORT'] . adm_back_link($this->u_action));
trigger_error($user->lang['NO_' . strtoupper($fields) . '_EXPORT'] . adm_back_link($this->u_action));
}
break;
case 'delete':
$db->sql_query("DELETE FROM $table
WHERE {$fields}_id = $icon_id");
$sql = "DELETE FROM $table
WHERE {$fields}_id = $icon_id";
$db->sql_query($sql);
switch ($mode)
{
@ -549,6 +554,9 @@ class acp_icons
$notice = $user->lang[$lang . '_DELETED'];
$cache->destroy('icons');
$cache->destroy('sql', $table);
break;
case 'move_up':
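Review bot: The pak import now accepts only lines with exactly 4 fields (icons) or 6 (smilies), so a pak written by the previous exporter, which emitted 3 or 5, fails with WRONG_PAK_TYPE even though the only missing value is `display_on_posting`. If older packs should still import, the size check could allow both counts and default the flag, shifting the `emotion`/`code` indexes accordingly; if not, a comment next to the check should say the break is intended. Either way the field order deserves a comment at the parser, e.g. `// pak line: url, width, height, display_on_posting[, emotion, code]`, since the import and export hunks have to stay in step. The enclosing case blocks start and end outside the hunks.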


@ -71,6 +71,10 @@ class acp_language
$transfer = new ftp(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
break;
case 'ftp_fsock':
$transfer = new ftp_fsock(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
break;
default:
trigger_error($user->lang['INVALID_UPLOAD_METHOD']);
}
@ -97,23 +101,13 @@ class acp_language
));
}
$entry = $_POST['entry'];
foreach ($entry as $key => $value)
{
if (is_array($value))
{
foreach ($value as $key2 => $data)
{
$entry[$key][$key2] = htmlentities($data);
}
}
else
{
$entry[$key] = htmlentities($value);
}
}
$hidden_data = build_hidden_fields(array('file' => $this->language_file, 'dir' => $this->language_directory, 'method' => $method, 'entry' => $entry));
$hidden_data = build_hidden_fields(array(
'file' => $this->language_file,
'dir' => $this->language_directory,
'method' => $method,
'entry' => $_POST['entry']),
true
);
$template->assign_vars(array(
'S_UPLOAD' => true,
@ -133,7 +127,8 @@ class acp_language
trigger_error($user->lang['NO_LANG_ID'] . adm_back_link($this->u_action));
}
$sql = 'SELECT * FROM ' . LANG_TABLE . "
$sql = 'SELECT *
FROM ' . LANG_TABLE . "
WHERE lang_id = $lang_id";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
@ -168,7 +163,8 @@ class acp_language
trigger_error($user->lang['NO_FILE_SELECTED'] . adm_back_link($this->u_action));
}
$sql = 'SELECT * FROM ' . LANG_TABLE . "
$sql = 'SELECT *
FROM ' . LANG_TABLE . "
WHERE lang_id = $lang_id";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
@ -210,8 +206,7 @@ class acp_language
if ($this->language_directory == 'email')
{
// Email Template
$entry = (STRIP) ? stripslashes($_POST['entry']) : $_POST['entry'];
$entry = preg_replace('#&amp;(\#[0-9]+;)#', '&\1', $entry);
$entry = $this->prepare_lang_entry($_POST['entry'], false);
fwrite($fp, $entry);
}
else
@ -229,21 +224,17 @@ class acp_language
{
if (!is_array($value))
{
continue;
}
else
$entry = "\tarray(\n";
foreach ($value as $_key => $_value)
{
$entry = "\tarray(\n";
foreach ($value as $_key => $_value)
{
$_value = (STRIP) ? stripslashes($_value) : $_value;
$_value = preg_replace('#&amp;(\#[0-9]+;)#', '&\1', $_value);
$entry .= "\t\t" . (int) $_key . "\t=> '" . str_replace("'", "\\'", $_value) . "',\n";
}
$entry .= "\t),\n";
$entry .= "\t\t" . (int) $_key . "\t=> '" . $this->prepare_lang_entry($_value) . "',\n";
}
$entry .= "\t),\n";
fwrite($fp, $entry);
}
}
@ -255,26 +246,7 @@ class acp_language
foreach ($_POST['entry'] as $key => $value)
{
if (!is_array($value))
{
$value = (STRIP) ? stripslashes($value) : $value;
$value = preg_replace('#&amp;(\#[0-9]+;)#', '&\1', $value);
$entry = "\t'" . $key . "'\t=> '" . str_replace("'", "\\'", $value) . "',\n";
}
else
{
$entry = "\n\t'" . $key . "'\t=> array(\n";
foreach ($value as $_key => $_value)
{
$_value = (STRIP) ? stripslashes($_value) : $_value;
$_value = preg_replace('#&amp;(\#[0-9]+;)#', '&\1', $_value);
$entry .= "\t\t'" . $_key . "'\t=> '" . str_replace("'", "\\'", $_value) . "',\n";
}
$entry .= "\t),\n\n";
}
$entry = $this->format_lang_array($key, $value);
fwrite($fp, $entry);
}
}
@ -302,7 +274,8 @@ class acp_language
}
else if ($action == 'upload_data')
{
$sql = 'SELECT lang_iso FROM ' . LANG_TABLE . "
$sql = 'SELECT lang_iso
FROM ' . LANG_TABLE . "
WHERE lang_id = $lang_id";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
@ -322,6 +295,11 @@ class acp_language
case 'ftp':
$transfer = new ftp(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
break;
case 'ftp_fsock':
$transfer = new ftp_fsock(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
break;
default:
trigger_error($user->lang['INVALID_UPLOAD_METHOD']);
}
@ -335,6 +313,9 @@ class acp_language
$transfer->copy_file('store/' . $lang_path . $file, $lang_path . $file);
$transfer->close_session();
// Remove from storage folder
@unlink($phpbb_root_path . 'store/' . $lang_path . $file);
add_log('admin', 'LOG_LANGUAGE_FILE_REPLACED', $file);
trigger_error($user->lang['UPLOAD_COMPLETED']);
@ -353,7 +334,8 @@ class acp_language
$this->page_title = 'LANGUAGE_PACK_DETAILS';
$sql = 'SELECT * FROM ' . LANG_TABLE . '
$sql = 'SELECT *
FROM ' . LANG_TABLE . '
WHERE lang_id = ' . $lang_id;
$result = $db->sql_query($sql);
$lang_entries = $db->sql_fetchrow($result);
@ -665,7 +647,8 @@ class acp_language
trigger_error($user->lang['NO_LANG_ID'] . adm_back_link($this->u_action));
}
$sql = 'SELECT * FROM ' . LANG_TABLE . '
$sql = 'SELECT *
FROM ' . LANG_TABLE . '
WHERE lang_id = ' . $lang_id;
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
@ -707,7 +690,8 @@ class acp_language
);
unset($file);
$sql = 'SELECT lang_iso FROM ' . LANG_TABLE . "
$sql = 'SELECT lang_iso
FROM ' . LANG_TABLE . "
WHERE lang_iso = '" . $db->sql_escape($lang_iso) . "'";
$result = $db->sql_query($sql);
@ -746,7 +730,8 @@ class acp_language
trigger_error($user->lang['NO_LANG_ID'] . adm_back_link($this->u_action));
}
$sql = 'SELECT * FROM ' . LANG_TABLE . '
$sql = 'SELECT *
FROM ' . LANG_TABLE . '
WHERE lang_id = ' . $lang_id;
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
@ -794,7 +779,7 @@ class acp_language
include_once($phpbb_root_path . 'includes/functions_compress.' . $phpEx);
if ($use_method == 'zip')
if ($use_method == '.zip')
{
$compress = new compress_zip('w', $phpbb_root_path . 'store/lang_' . $row['lang_iso'] . $use_method);
}
@ -818,6 +803,17 @@ class acp_language
// Add main files
$this->add_to_archive($compress, $this->main_files, $row['lang_iso']);
// Add search files if they exist...
if (file_exists($phpbb_root_path . 'language/' . $row['lang_iso'] . '/search_ignore_words.' . $phpEx))
{
$this->add_to_archive($compress, array("search_ignore_words.$phpEx"), $row['lang_iso']);
}
if (file_exists($phpbb_root_path . 'language/' . $row['lang_iso'] . '/search_synonyms.' . $phpEx))
{
$this->add_to_archive($compress, array("search_synonyms.$phpEx"), $row['lang_iso']);
}
// Write files in folders
$this->add_to_archive($compress, $email_templates, $row['lang_iso'], 'email');
$this->add_to_archive($compress, $acp_files, $row['lang_iso'], 'acp');
@ -862,7 +858,8 @@ class acp_language
$db->sql_freeresult($result);
$sql = 'SELECT *
FROM ' . LANG_TABLE;
FROM ' . LANG_TABLE . '
ORDER BY lang_english_name';
$result = $db->sql_query($sql);
$installed = array();
@ -975,8 +972,7 @@ $lang = array_merge($lang, array(
';
// Language files in language root directory
$this->main_files = array("common.$phpEx", "groups.$phpEx", "mcp.$phpEx", "memberlist.$phpEx", "posting.$phpEx", "search.$phpEx", "ucp.$phpEx", "viewforum.$phpEx", "viewtopic.$phpEx", "help_bbcode.$phpEx", "help_faq.$phpEx");
$this->main_files = array("common.$phpEx", "groups.$phpEx", "install.$phpEx", "mcp.$phpEx", "memberlist.$phpEx", "posting.$phpEx", "search.$phpEx", "ucp.$phpEx", "viewforum.$phpEx", "viewtopic.$phpEx", "help_bbcode.$phpEx", "help_faq.$phpEx");
}
/**
@ -1041,22 +1037,52 @@ $lang = array_merge($lang, array(
foreach ($value as $_key => $_value)
{
$tpl .= '
<tr>
<td class="row1" style="white-space: nowrap;">' . $key_prefix . '<b>' . $_key . '</b></td>
<td class="row2">';
if ($input_field)
if (is_array($_value))
{
$tpl .= '<input type="text" name="entry[' . $key . '][' . $_key . ']" value="' . htmlspecialchars($_value) . '" size="50" />';
$tpl .= '
<tr>
<td class="row3" colspan="2">' . $key_prefix . '&nbsp; &nbsp;<b>' . $_key . '</b></td>
</tr>';
foreach ($_value as $__key => $__value)
{
$tpl .= '
<tr>
<td class="row1" style="white-space: nowrap;">' . $key_prefix . '<b>' . $__key . '</b></td>
<td class="row2">';
if ($input_field)
{
$tpl .= '<input type="text" name="entry[' . $key . '][' . $_key . '][' . $__key . ']" value="' . htmlspecialchars($__value) . '" size="50" />';
}
else
{
$tpl .= '<b>' . htmlspecialchars($__value) . '</b>';
}
$tpl .= '</td>
</tr>';
}
}
else
{
$tpl .= '<b>' . htmlspecialchars($_value) . '</b>';
}
$tpl .= '
<tr>
<td class="row1" style="white-space: nowrap;">' . $key_prefix . '<b>' . $_key . '</b></td>
<td class="row2">';
$tpl .= '</td>
</tr>';
if ($input_field)
{
$tpl .= '<input type="text" name="entry[' . $key . '][' . $_key . ']" value="' . htmlspecialchars($_value) . '" size="50" />';
}
else
{
$tpl .= '<b>' . htmlspecialchars($_value) . '</b>';
}
$tpl .= '</td>
</tr>';
}
}
$tpl .= '
@ -1191,6 +1217,49 @@ $lang = array_merge($lang, array(
return $return_ary;
}
/**
* Return language string value for storage
*/
function prepare_lang_entry($text, $store = true)
{
$text = (STRIP) ? stripslashes($text) : $text;
// Adjust for storage...
if ($store)
{
$text = str_replace("'", "\\'", str_replace('\\', '\\\\', $text));
}
return $text;
}
/**
* Format language array for storage
*/
function format_lang_array($key, $value, $tabs = "\t")
{
$entry = '';
if (!is_array($value))
{
$entry .= "{$tabs}'{$key}'\t=> '" . $this->prepare_lang_entry($value) . "',\n";
}
else
{
$_tabs = $tabs . "\t";
$entry .= "\n{$tabs}'{$key}'\t=> array(\n";
foreach ($value as $_key => $_value)
{
$entry .= $this->format_lang_array($_key, $_value, $_tabs);
}
$entry .= "{$tabs}),\n\n";
}
return $entry;
}
}
?>
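Review bot: `format_lang_array()` writes `$key` between single quotes into the generated language file without escaping, although the value beside it goes through `prepare_lang_entry()`. The keys come from `$_POST['entry']`, so a key containing a quote or backslash ends the string literal early in a file that is written with the `$phpEx` extension and merged into `$lang`. Both lines that emit the key should escape it the same way: `$entry .= "{$tabs}'" . $this->prepare_lang_entry($key) . "'\t=> '" . $this->prepare_lang_entry($value) . "',\n";` and `$entry .= "\n{$tabs}'" . $this->prepare_lang_entry($key) . "'\t=> array(\n";`. The numbered-array branch earlier in this file already neutralises its keys with `(int) $_key`. The docblock on `prepare_lang_entry()` should also state that the `$store = true` output is only safe inside a single-quoted PHP string.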


@ -42,14 +42,15 @@ class acp_logs
if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs'))
{
$where_sql = '';
if ($deletemark && $marked)
if ($deletemark && sizeof($marked))
{
$sql_in = array();
foreach ($marked as $mark)
{
$sql_in[] = $mark;
}
$where_sql = ' AND log_id IN (' . implode(', ', $sql_in) . ')';
$where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
unset($sql_in);
}
@ -67,7 +68,7 @@ class acp_logs
// Sorting
$limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
$sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']);
$sort_by_sql = array('u' => 'l.user_id', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation');
$sort_by_sql = array('u' => 'u.username', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation');
$s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
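Review bot: The `foreach` that copies `$marked` into `$sql_in` changes nothing about the values, so `sql_in_set()` receives whatever `$marked` held. Its assignment is outside the hunk, so whether the ids are already integers cannot be confirmed here. Dropping the loop and casting at the point of use makes the intent explicit: `$where_sql = ' AND ' . $db->sql_in_set('log_id', array_map('intval', $marked));`. The enclosing method continues outside the hunk.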


@ -21,9 +21,9 @@ class acp_main
global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
$action = request_var('action', '');
$mark = (isset($_REQUEST['mark'])) ? implode(', ', request_var('mark', array(0))) : '';
$mark = (isset($_REQUEST['mark'])) ? request_var('mark', array(0)) : array();
if ($mark)
if (sizeof($mark))
{
switch ($action)
{
@ -36,8 +36,8 @@ class acp_main
}
$sql = 'SELECT username
FROM ' . USERS_TABLE . "
WHERE user_id IN ($mark)";
FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set('user_id', $mark);
$result = $db->sql_query($sql);
$user_affected = array();
@ -50,14 +50,13 @@ class acp_main
if ($action == 'activate')
{
include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
$mark_ary = explode(', ', $mark);
foreach ($mark_ary as $user_id)
foreach ($mark as $user_id)
{
user_active_flip($user_id, USER_INACTIVE);
}
set_config('num_users', $config['num_users'] + sizeof($mark_ary), true);
set_config('num_users', $config['num_users'] + sizeof($mark), true);
// Update latest username
update_last_username();
@ -69,9 +68,9 @@ class acp_main
trigger_error($user->lang['NO_ADMIN']);
}
$sql = 'DELETE FROM ' . USER_GROUP_TABLE . " WHERE user_id IN ($mark)";
$sql = 'DELETE FROM ' . USER_GROUP_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $mark);
$db->sql_query($sql);
$sql = 'DELETE FROM ' . USERS_TABLE . " WHERE user_id IN ($mark)";
$sql = 'DELETE FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $mark);
$db->sql_query($sql);
add_log('admin', 'LOG_INDEX_' . strtoupper($action), implode(', ', $user_affected));
@ -91,8 +90,8 @@ class acp_main
}
$sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type, user_regdate, user_actkey
FROM ' . USERS_TABLE . "
WHERE user_id IN ($mark)";
FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set('user_id', $mark);
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result))
@ -209,39 +208,20 @@ class acp_main
trigger_error($user->lang['NO_ADMIN']);
}
$post_count_ary = $auth->acl_getf('f_postcount');
$forum_read_ary = $auth->acl_getf('f_read');
$sql = 'SELECT COUNT(post_id) AS num_posts, poster_id
FROM ' . POSTS_TABLE . '
WHERE post_postcount = 1
GROUP BY poster_id';
$result = $db->sql_query($sql);
$forum_ary = array();
foreach ($post_count_ary as $forum_id => $allowed)
while ($row = $db->sql_fetchrow($result))
{
if ($allowed['f_postcount'] && $forum_read_ary[$forum_id]['f_read'])
{
$forum_ary[] = $forum_id;
}
}
if (!sizeof($forum_ary))
{
$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_posts = 0');
}
else
{
$sql = 'SELECT COUNT(post_id) AS num_posts, poster_id
FROM ' . POSTS_TABLE . '
WHERE poster_id <> ' . ANONYMOUS . '
AND forum_id IN (' . implode(', ', $forum_ary) . ')
GROUP BY poster_id';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$db->sql_query('UPDATE ' . USERS_TABLE . " SET user_posts = {$row['num_posts']} WHERE user_id = {$row['poster_id']}");
}
$db->sql_freeresult($result);
$db->sql_query('UPDATE ' . USERS_TABLE . " SET user_posts = {$row['num_posts']} WHERE user_id = {$row['poster_id']}");
}
$db->sql_freeresult($result);
add_log('admin', 'LOG_RESYNC_POSTCOUNTS');
break;
case 'date':
@ -412,8 +392,10 @@ class acp_main
'DBSIZE' => $dbsize,
'UPLOAD_DIR_SIZE' => $upload_dir_size,
'GZIP_COMPRESSION' => ($config['gzip_compress']) ? $user->lang['ON'] : $user->lang['OFF'],
'DATABASE_INFO' => $db->sql_server_info(),
'U_ACTION' => append_sid("{$phpbb_admin_path}index.$phpEx"),
'U_ADMIN_LOG' => append_sid("{$phpbb_admin_path}index.$phpEx", 'i=logs&amp;mode=admin'),
'S_ACTION_OPTIONS' => ($auth->acl_get('a_board')) ? $s_action_options : '',
)
@ -439,7 +421,7 @@ class acp_main
if ($auth->acl_get('a_user'))
{
$sql = 'SELECT user_id, username, user_regdate
$sql = 'SELECT user_id, username, user_regdate, user_lastvisit
FROM ' . USERS_TABLE . '
WHERE user_type = ' . USER_INACTIVE . '
ORDER BY user_regdate ASC';
@ -449,6 +431,7 @@ class acp_main
{
$template->assign_block_vars('inactive', array(
'DATE' => $user->format_date($row['user_regdate']),
'LAST_VISIT' => (!$row['user_lastvisit']) ? ' - ' : $user->format_date($row['user_lastvisit']),
'USER_ID' => $row['user_id'],
'USERNAME' => $row['username'],
'U_USER_ADMIN' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=users&amp;mode=overview&amp;u={$row['user_id']}"))
@ -473,6 +456,12 @@ class acp_main
$template->assign_var('S_DEBUG_EXTRA', true);
}
// Warn if install is still present
if (file_exists($phpbb_root_path . 'install'))
{
$template->assign_var('S_REMOVE_INSTALL', true);
}
$this->tpl_name = 'acp_main';
$this->page_title = 'ACP_MAIN';
}
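Review bot: The `delete` and `activate` branches act on whatever ids arrive in `mark`: both `DELETE` statements use `$db->sql_in_set('user_id', $mark)` and the loop calls `user_active_flip()` per id, with no check that the accounts are inactive, which is presumably what these actions are meant for. `sql_in_set()` fixes the quoting, but the id list itself is still request data. The earlier `SELECT username` could also return `user_id` and carry `AND user_type = ' . USER_INACTIVE`, with the later statements using the ids it returned instead of `$mark`. That would also correct `set_config('num_users', $config['num_users'] + sizeof($mark), true)`, which counts ids that matched no row. The function these hunks belong to starts and ends outside the visible lines, so a guard may exist elsewhere.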


@ -144,16 +144,16 @@ class acp_modules
break;
}
list($module_name, $module_mode) = explode('::', $quick_install);
list($module_basename, $module_mode) = explode('::', $quick_install);
// Check if module name and mode exist...
$fileinfo = $this->get_module_infos($module_name);
$fileinfo = $fileinfo[$module_name];
$fileinfo = $this->get_module_infos($module_basename);
$fileinfo = $fileinfo[$module_basename];
if (isset($fileinfo['modes'][$module_mode]))
{
$module_data = array(
'module_name' => $module_name,
'module_basename' => $module_basename,
'module_enabled' => 0,
'module_display' => (isset($fileinfo['modes'][$module_mode]['display'])) ? $fileinfo['modes'][$module_mode]['display'] : 1,
'parent_id' => $parent_id,
@ -202,7 +202,7 @@ class acp_modules
if ($action == 'add')
{
$module_row = array(
'module_name' => '',
'module_basename' => '',
'module_enabled' => 0,
'module_display' => 1,
'parent_id' => 0,
@ -214,7 +214,7 @@ class acp_modules
$module_data = array();
$module_data['module_name'] = request_var('module_name', (string) $module_row['module_name']);
$module_data['module_basename'] = request_var('module_basename', (string) $module_row['module_basename']);
$module_data['module_enabled'] = request_var('module_enabled', (int) $module_row['module_enabled']);
$module_data['module_display'] = request_var('module_display', (int) $module_row['module_display']);
$module_data['parent_id'] = request_var('module_parent_id', (int) $module_row['parent_id']);
@ -235,7 +235,7 @@ class acp_modules
if ($module_type == 'category')
{
$module_data['module_name'] = $module_data['module_mode'] = $module_data['module_auth'] = '';
$module_data['module_basename'] = $module_data['module_mode'] = $module_data['module_auth'] = '';
$module_data['module_display'] = 1;
}
@ -245,10 +245,10 @@ class acp_modules
}
// Adjust auth row
if ($module_data['module_name'] && $module_data['module_mode'])
if ($module_data['module_basename'] && $module_data['module_mode'])
{
$fileinfo = $this->get_module_infos($module_data['module_name']);
$module_data['module_auth'] = $fileinfo[$module_data['module_name']]['modes'][$module_data['module_mode']]['auth'];
$fileinfo = $this->get_module_infos($module_data['module_basename']);
$module_data['module_auth'] = $fileinfo[$module_data['module_basename']]['modes'][$module_data['module_mode']]['auth'];
}
$errors = $this->update_module_data($module_data);
@ -262,7 +262,7 @@ class acp_modules
}
// Category/not category?
$is_cat = (!$module_data['module_name']) ? true : false;
$is_cat = (!$module_data['module_basename']) ? true : false;
// Get module informations
$module_infos = $this->get_module_infos();
@ -271,20 +271,20 @@ class acp_modules
$s_name_options = $s_mode_options = '';
foreach ($module_infos as $option => $values)
{
if (!$module_data['module_name'])
if (!$module_data['module_basename'])
{
$module_data['module_name'] = $option;
$module_data['module_basename'] = $option;
}
// Name options
$s_name_options .= '<option value="' . $option . '"' . (($option == $module_data['module_name']) ? ' selected="selected"' : '') . '>' . $this->lang_name($values['title']) . ' [' . $this->module_class . '_' . $option . ']</option>';
$s_name_options .= '<option value="' . $option . '"' . (($option == $module_data['module_basename']) ? ' selected="selected"' : '') . '>' . $this->lang_name($values['title']) . ' [' . $this->module_class . '_' . $option . ']</option>';
$template->assign_block_vars('m_names', array('NAME' => $option));
// Build module modes
foreach ($values['modes'] as $m_mode => $m_values)
{
if ($option == $module_data['module_name'])
if ($option == $module_data['module_basename'])
{
$s_mode_options .= '<option value="' . $m_mode . '"' . (($m_mode == $module_data['module_mode']) ? ' selected="selected"' : '') . '>' . $this->lang_name($m_values['title']) . '</option>';
}
@ -387,7 +387,7 @@ class acp_modules
}
else
{
$module_image = (!$row['module_name'] || $row['left_id'] + 1 != $row['right_id']) ? '<img src="images/icon_subfolder.gif" width="46" height="25" alt="' . $user->lang['CATEGORY'] . '" />' : '<img src="images/icon_folder.gif" width="46" height="25" alt="' . $user->lang['MODULE'] . '" />';
$module_image = (!$row['module_basename'] || $row['left_id'] + 1 != $row['right_id']) ? '<img src="images/icon_subfolder.gif" width="46" height="25" alt="' . $user->lang['CATEGORY'] . '" />' : '<img src="images/icon_folder.gif" width="46" height="25" alt="' . $user->lang['MODULE'] . '" />';
}
$url = $this->u_action . '&amp;parent_id=' . $parent_id . '&amp;m=' . $row['module_id'];
@ -551,22 +551,10 @@ class acp_modules
{
global $db, $user, $auth, $config;
switch (SQL_LAYER)
{
case 'firebird':
$sql = 'SELECT module_id, module_enabled, "module_name", parent_id, module_langname, left_id, right_id, module_auth
FROM ' . MODULES_TABLE . "
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
ORDER BY left_id ASC";
break;
default:
$sql = 'SELECT module_id, module_enabled, module_name, parent_id, module_langname, left_id, right_id, module_auth
FROM ' . MODULES_TABLE . "
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
ORDER BY left_id ASC";
break;
}
$sql = 'SELECT module_id, module_enabled, module_basename, parent_id, module_langname, left_id, right_id, module_auth
FROM ' . MODULES_TABLE . "
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
ORDER BY left_id ASC";
$result = $db->sql_query($sql);
$right = $iteration = 0;
@ -607,13 +595,13 @@ class acp_modules
}
// empty category
if (!$row['module_name'] && ($row['left_id'] + 1 == $row['right_id']) && $ignore_emptycat)
if (!$row['module_basename'] && ($row['left_id'] + 1 == $row['right_id']) && $ignore_emptycat)
{
continue;
}
// ignore non-category?
if ($row['module_name'] && $ignore_noncat)
if ($row['module_basename'] && $ignore_noncat)
{
continue;
}
@ -723,8 +711,10 @@ class acp_modules
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
AND module_id = {$module_data['parent_id']}";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$row = $db->sql_fetchrow($result))
if (!$row)
{
if ($run_inline)
{
@ -733,7 +723,6 @@ class acp_modules
trigger_error($user->lang['PARENT_NO_EXIST']);
}
$db->sql_freeresult($result);
$sql = 'UPDATE ' . MODULES_TABLE . "
SET left_id = left_id + 2, right_id = right_id + 2
@ -777,7 +766,7 @@ class acp_modules
{
$row = $this->get_module_row($module_data['module_id']);
if ($module_data['module_name'] && !$row['module_name'])
if ($module_data['module_basename'] && !$row['module_basename'])
{
// we're turning a category into a module
$branch = $this->get_module_branch($module_data['module_id'], 'children', 'descending', false);
@ -793,8 +782,11 @@ class acp_modules
$this->move_module($module_data['module_id'], $module_data['parent_id']);
}
$update_ary = $module_data;
unset($update_ary['module_id']);
$sql = 'UPDATE ' . MODULES_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $module_data) . "
SET ' . $db->sql_build_array('UPDATE', $update_ary) . "
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
AND module_id = {$module_data['module_id']}";
$db->sql_query($sql);
@ -849,7 +841,7 @@ class acp_modules
SET right_id = right_id + $diff
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
AND " . $to_data['right_id'] . ' BETWEEN left_id AND right_id
AND module_id NOT IN (' . implode(', ', $moved_ids) . ')';
AND ' . $db->sql_in_set('module_id', $moved_ids, true);
$db->sql_query($sql);
// Resync the righthand side of the tree
@ -857,7 +849,7 @@ class acp_modules
SET left_id = left_id + $diff, right_id = right_id + $diff
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
AND left_id > " . $to_data['right_id'] . '
AND module_id NOT IN (' . implode(', ', $moved_ids) . ')';
AND ' . $db->sql_in_set('module_id', $moved_ids, true);
$db->sql_query($sql);
// Resync moved branch
@ -876,7 +868,7 @@ class acp_modules
$sql = 'SELECT MAX(right_id) AS right_id
FROM ' . MODULES_TABLE . "
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
AND module_id NOT IN (" . implode(', ', $moved_ids) . ')';
AND " . $db->sql_in_set('module_id', $moved_ids, true);
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
@ -887,7 +879,7 @@ class acp_modules
$sql = 'UPDATE ' . MODULES_TABLE . "
SET left_id = left_id $diff, right_id = right_id $diff
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
AND module_id IN (" . implode(', ', $moved_ids) . ')';
AND " . $db->sql_in_set('module_id', $moved_ids);
$db->sql_query($sql);
}
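Review bot: In the "Adjust auth row" hunk, `module_basename` comes from `request_var()` and is then passed to `get_module_infos()` and used as an array key in `$fileinfo[$module_data['module_basename']]['modes'][$module_data['module_mode']]['auth']` without checking that the module and mode exist. The quick-install hunk does guard with `isset($fileinfo['modes'][$module_mode])`. The same guard fits here, `if (isset($fileinfo[$module_data['module_basename']]['modes'][$module_data['module_mode']]))` before the assignment, with an error reported otherwise. How `get_module_infos()` turns the name into a file is not visible in these hunks, so the value is best matched against the known module list before it gets there.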


@ -239,7 +239,7 @@ class acp_permission_roles
$auth_options = array();
while ($row = $db->sql_fetchrow($result))
{
$auth_options[$row['auth_option']] = ACL_UNSET;
$auth_options[$row['auth_option']] = ACL_NO;
}
$db->sql_freeresult($result);
}
@ -294,7 +294,7 @@ class acp_permission_roles
)
);
// We need to fill the auth options array with ACL_UNSET options ;)
// We need to fill the auth options array with ACL_NO options ;)
$sql = 'SELECT auth_option_id, auth_option
FROM ' . ACL_OPTIONS_TABLE . "
WHERE auth_option LIKE '{$permission_type}%'
@ -306,7 +306,7 @@ class acp_permission_roles
{
if (!isset($auth_options[$row['auth_option']]))
{
$auth_options[$row['auth_option']] = ACL_UNSET;
$auth_options[$row['auth_option']] = ACL_NO;
}
}
$db->sql_freeresult($result);
@ -447,17 +447,17 @@ class acp_permission_roles
$template->assign_block_vars('auth', array(
'CAT_NAME' => $user->lang['permission_cat'][$cat],
'S_YES' => ($cat_array['S_YES'] && !$cat_array['S_NO'] && !$cat_array['S_UNSET']) ? true : false,
'S_NO' => ($cat_array['S_NO'] && !$cat_array['S_YES'] && !$cat_array['S_UNSET']) ? true : false,
'S_UNSET' => ($cat_array['S_UNSET'] && !$cat_array['S_NO'] && !$cat_array['S_YES']) ? true : false)
'S_YES' => ($cat_array['S_YES'] && !$cat_array['S_NEVER'] && !$cat_array['S_NO']) ? true : false,
'S_NEVER' => ($cat_array['S_NEVER'] && !$cat_array['S_YES'] && !$cat_array['S_NO']) ? true : false,
'S_NO' => ($cat_array['S_NO'] && !$cat_array['S_NEVER'] && !$cat_array['S_YES']) ? true : false)
);
foreach ($cat_array['permissions'] as $permission => $allowed)
{
$template->assign_block_vars('auth.mask', array(
'S_YES' => ($allowed == ACL_YES) ? true : false,
'S_NEVER' => ($allowed == ACL_NEVER) ? true : false,
'S_NO' => ($allowed == ACL_NO) ? true : false,
'S_UNSET' => ($allowed == ACL_UNSET) ? true : false,
'FIELD_NAME' => $permission,
'PERMISSION' => $user->lang['acl_' . $permission]['lang'])
@ -484,7 +484,7 @@ class acp_permission_roles
$auth_settings = array();
while ($row = $db->sql_fetchrow($result))
{
$auth_settings[$row['auth_option']] = ACL_UNSET;
$auth_settings[$row['auth_option']] = ACL_NO;
}
$db->sql_freeresult($result);
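Review bot: The query in the second hunk still interpolates `$permission_type` directly, `WHERE auth_option LIKE '{$permission_type}%'`, while the equivalent clause in the acp_permissions section of this commit goes through `$db->sql_escape()`. Where `$permission_type` is assigned is outside the hunk. If it is always one of a fixed set of prefixes this is harmless, but the line should not depend on that: `WHERE auth_option LIKE '" . $db->sql_escape($permission_type) . "%'`.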


@ -59,8 +59,8 @@ class acp_permissions
$subforum_id = request_var('subforum_id', 0);
$forum_id = request_var('forum_id', array(0));
$username = request_var('username', array(''), true);
$usernames = request_var('usernames', '', true);
$username = request_var('username', array(''));
$usernames = request_var('usernames', '');
$user_id = request_var('user_id', array(0));
$group_id = request_var('group_id', array(0));
@ -70,7 +70,7 @@ class acp_permissions
if ($select_all_groups)
{
// Add default groups to selection
$sql_and = ($config['coppa_hide_groups']) ? " AND group_name NOT IN ('INACTIVE_COPPA', 'REGISTERED_COPPA')" : '';
$sql_and = (!$config['coppa_enable']) ? " AND group_name NOT IN ('INACTIVE_COPPA', 'REGISTERED_COPPA')" : '';
$sql = 'SELECT group_id
FROM ' . GROUPS_TABLE . '
@ -213,7 +213,32 @@ class acp_permissions
switch ($action)
{
case 'delete':
$this->remove_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id, $forum_id);
// All users/groups selected?
$all_users = (isset($_POST['all_users'])) ? true : false;
$all_groups = (isset($_POST['all_groups'])) ? true : false;
if ($all_users || $all_groups)
{
$items = $this->retrieve_defined_user_groups($permission_scope, $forum_id, $permission_type);
if ($all_users && sizeof($items['user_ids']))
{
$user_id = $items['user_ids'];
}
else if ($all_groups && sizeof($items['group_ids']))
{
$group_id = $items['group_ids'];
}
}
if (sizeof($user_id) || sizeof($group_id))
{
$this->remove_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id, $forum_id);
}
else
{
trigger_error($user->lang['NO_USER_GROUP_SELECTED'] . adm_back_link($this->u_action));
}
break;
case 'apply_permissions':
@ -273,7 +298,7 @@ class acp_permissions
continue 2;
}
$forum_list = make_forum_select(false, false, true, false, false, true);
$forum_list = make_forum_select(false, false, true, false, false, false, true);
// Build forum options
$s_forum_options = '';
@ -343,99 +368,30 @@ class acp_permissions
continue 2;
}
$sql_forum_id = ($permission_scope == 'global') ? 'AND a.forum_id = 0' : ((sizeof($forum_id)) ? 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')' : 'AND a.forum_id <> 0');
$sql_permission_option = "AND o.auth_option LIKE '" . $db->sql_escape($permission_type) . "%'";
$sql = $db->sql_build_query('SELECT_DISTINCT', array(
'SELECT' => 'u.username, u.user_regdate, u.user_id',
'FROM' => array(
USERS_TABLE => 'u',
ACL_OPTIONS_TABLE => 'o',
ACL_USERS_TABLE => 'a'
),
'LEFT_JOIN' => array(
array(
'FROM' => array(ACL_ROLES_DATA_TABLE => 'r'),
'ON' => 'a.auth_role_id = r.role_id'
)
),
'WHERE' => "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
$sql_permission_option
$sql_forum_id
AND u.user_id = a.user_id",
'ORDER_BY' => 'u.username, u.user_regdate ASC'
));
$result = $db->sql_query($sql);
$s_defined_user_options = '';
$defined_user_ids = array();
while ($row = $db->sql_fetchrow($result))
{
$s_defined_user_options .= '<option value="' . $row['user_id'] . '">' . $row['username'] . '</option>';
$defined_user_ids[] = $row['user_id'];
}
$db->sql_freeresult($result);
$sql = $db->sql_build_query('SELECT_DISTINCT', array(
'SELECT' => 'g.group_type, g.group_name, g.group_id',
'FROM' => array(
GROUPS_TABLE => 'g',
ACL_OPTIONS_TABLE => 'o',
ACL_GROUPS_TABLE => 'a'
),
'LEFT_JOIN' => array(
array(
'FROM' => array(ACL_ROLES_DATA_TABLE => 'r'),
'ON' => 'a.auth_role_id = r.role_id'
)
),
'WHERE' => "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
$sql_permission_option
$sql_forum_id
AND g.group_id = a.group_id",
'ORDER_BY' => 'g.group_type DESC, g.group_name ASC'
));
$result = $db->sql_query($sql);
$s_defined_group_options = '';
$defined_group_ids = array();
while ($row = $db->sql_fetchrow($result))
{
$s_defined_group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';
$defined_group_ids[] = $row['group_id'];
}
$db->sql_freeresult($result);
$items = $this->retrieve_defined_user_groups($permission_scope, $forum_id, $permission_type);
// Now we check the users... because the "all"-selection is different here (all defined users/groups)
$all_users = (isset($_POST['all_users'])) ? true : false;
$all_groups = (isset($_POST['all_groups'])) ? true : false;
if ($all_users && sizeof($defined_user_ids))
if ($all_users && sizeof($items['user_ids']))
{
$user_id = $defined_user_ids;
$user_id = $items['user_ids'];
continue 2;
}
if ($all_groups && sizeof($defined_group_ids))
if ($all_groups && sizeof($items['group_ids']))
{
$group_id = $defined_group_ids;
$group_id = $items['group_ids'];
continue 2;
}
$template->assign_vars(array(
'S_SELECT_USERGROUP' => ($victim == 'usergroup') ? true : false,
'S_SELECT_USERGROUP_VIEW' => ($victim == 'usergroup_view') ? true : false,
'S_DEFINED_USER_OPTIONS' => $s_defined_user_options,
'S_DEFINED_GROUP_OPTIONS' => $s_defined_group_options,
'S_ADD_GROUP_OPTIONS' => group_select_options(false, $defined_group_ids),
'S_DEFINED_USER_OPTIONS' => $items['user_ids_options'],
'S_DEFINED_GROUP_OPTIONS' => $items['group_ids_options'],
'S_ADD_GROUP_OPTIONS' => group_select_options(false, $items['group_ids']),
'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=add_user&amp;field=username'))
);
@ -457,7 +413,7 @@ class acp_permissions
{
$sql = 'SELECT forum_name
FROM ' . FORUMS_TABLE . '
WHERE forum_id IN (' . implode(', ', $forum_id) . ')
WHERE ' . $db->sql_in_set('forum_id', $forum_id) . '
ORDER BY forum_name ASC';
$result = $db->sql_query($sql);
@ -497,7 +453,7 @@ class acp_permissions
'S_SETTING_PERMISSIONS' => true)
);
$hold_ary = $auth_admin->get_mask('set', (sizeof($user_id)) ? $user_id : false, (sizeof($group_id)) ? $group_id : false, (sizeof($forum_id)) ? $forum_id : false, $permission_type, $permission_scope, ACL_UNSET);
$hold_ary = $auth_admin->get_mask('set', (sizeof($user_id)) ? $user_id : false, (sizeof($group_id)) ? $group_id : false, (sizeof($forum_id)) ? $forum_id : false, $permission_type, $permission_scope, ACL_NO);
$auth_admin->display_mask('set', $permission_type, $hold_ary, ((sizeof($user_id)) ? 'user' : 'group'), (($permission_scope == 'local') ? true : false));
}
else
@ -506,7 +462,7 @@ class acp_permissions
'S_VIEWING_PERMISSIONS' => true)
);
$hold_ary = $auth_admin->get_mask('view', (sizeof($user_id)) ? $user_id : false, (sizeof($group_id)) ? $group_id : false, (sizeof($forum_id)) ? $forum_id : false, $permission_type, $permission_scope, ACL_NO);
$hold_ary = $auth_admin->get_mask('view', (sizeof($user_id)) ? $user_id : false, (sizeof($group_id)) ? $group_id : false, (sizeof($forum_id)) ? $forum_id : false, $permission_type, $permission_scope, ACL_NEVER);
$auth_admin->display_mask('view', $permission_type, $hold_ary, ((sizeof($user_id)) ? 'user' : 'group'), (($permission_scope == 'local') ? true : false));
}
}
@ -598,7 +554,7 @@ class acp_permissions
$sql = "SELECT $sql_id
FROM $table
WHERE $sql_id IN (" . implode(', ', $ids) . ')';
WHERE " . $db->sql_in_set($sql_id, $ids);
$result = $db->sql_query($sql);
$ids = array();
@ -783,10 +739,10 @@ class acp_permissions
}
$db->sql_freeresult($result);
// We need to add any ACL_UNSET setting from auth_settings to compare correctly
// We need to add any ACL_NO setting from auth_settings to compare correctly
foreach ($auth_settings as $option => $setting)
{
if ($setting == ACL_UNSET)
if ($setting == ACL_NO)
{
$test_auth_settings[$option] = $setting;
}
@ -847,8 +803,8 @@ class acp_permissions
}
// Logging ... first grab user or groupnames ...
$sql = ($ug_type == 'group') ? 'SELECT group_name as name, group_type FROM ' . GROUPS_TABLE . ' WHERE group_id' : 'SELECT username as name FROM ' . USERS_TABLE . ' WHERE user_id';
$sql .= ' IN (' . implode(', ', array_map('intval', $ug_id)) . ')';
$sql = ($ug_type == 'group') ? 'SELECT group_name as name, group_type FROM ' . GROUPS_TABLE . ' WHERE ' : 'SELECT username as name FROM ' . USERS_TABLE . ' WHERE ';
$sql .= $db->sql_in_set(($ug_type == 'group') ? 'group_id' : 'user_id', array_map('intval', $ug_id));
$result = $db->sql_query($sql);
$l_ug_list = '';
@ -869,7 +825,7 @@ class acp_permissions
// Grab the forum details if non-zero forum_id
$sql = 'SELECT forum_name
FROM ' . FORUMS_TABLE . '
WHERE forum_id IN (' . implode(', ', $forum_id) . ')';
WHERE ' . $db->sql_in_set('forum_id', $forum_id);
$result = $db->sql_query($sql);
$l_forum_list = '';
@ -902,7 +858,7 @@ class acp_permissions
if (sizeof($perms))
{
$sql = 'DELETE FROM ' . ZEBRA_TABLE . '
WHERE zebra_id IN (' . implode(', ', array_unique($perms)) . ')
WHERE ' . $db->sql_in_set('zebra_id', array_unique($perms)) . '
AND foe = 1';
$db->sql_query($sql);
}
@ -960,8 +916,8 @@ class acp_permissions
'WHO' => $user->lang['DEFAULT'],
'INFORMATION' => $user->lang['TRACE_DEFAULT'],
'S_SETTING_UNSET' => true,
'S_TOTAL_UNSET' => true)
'S_SETTING_NO' => true,
'S_TOTAL_NO' => true)
);
$sql = 'SELECT DISTINCT g.group_name, g.group_id, g.group_type
@ -976,12 +932,13 @@ class acp_permissions
while ($row = $db->sql_fetchrow($result))
{
$groups[$row['group_id']] = array(
'auth_setting' => ACL_UNSET,
'auth_setting' => ACL_NO,
'group_name' => ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']
);
}
$db->sql_freeresult($result);
$total = ACL_NO;
if (sizeof($groups))
{
// Get group auth settings
@ -993,23 +950,22 @@ class acp_permissions
}
unset($hold_ary);
$total = ACL_UNSET;
foreach ($groups as $id => $row)
{
switch ($row['auth_setting'])
{
case ACL_UNSET:
$information = $user->lang['TRACE_GROUP_UNSET'];
case ACL_NO:
$information = $user->lang['TRACE_GROUP_NO'];
break;
case ACL_YES:
$information = ($total == ACL_YES) ? $user->lang['TRACE_GROUP_YES_TOTAL_YES'] : (($total == ACL_NO) ? $user->lang['TRACE_GROUP_YES_TOTAL_NO'] : $user->lang['TRACE_GROUP_YES_TOTAL_UNSET']);
$total = ($total == ACL_UNSET) ? ACL_YES : $total;
$information = ($total == ACL_YES) ? $user->lang['TRACE_GROUP_YES_TOTAL_YES'] : (($total == ACL_NEVER) ? $user->lang['TRACE_GROUP_YES_TOTAL_NEVER'] : $user->lang['TRACE_GROUP_YES_TOTAL_NO']);
$total = ($total == ACL_NO) ? ACL_YES : $total;
break;
case ACL_NO:
$information = ($total == ACL_YES) ? $user->lang['TRACE_GROUP_NO_TOTAL_YES'] : (($total == ACL_NO) ? $user->lang['TRACE_GROUP_NO_TOTAL_NO'] : $user->lang['TRACE_GROUP_NO_TOTAL_UNSET']);
$total = ACL_NO;
case ACL_NEVER:
$information = ($total == ACL_YES) ? $user->lang['TRACE_GROUP_NEVER_TOTAL_YES'] : (($total == ACL_NEVER) ? $user->lang['TRACE_GROUP_NEVER_TOTAL_NEVER'] : $user->lang['TRACE_GROUP_NEVER_TOTAL_NO']);
$total = ACL_NEVER;
break;
}
@ -1017,35 +973,35 @@ class acp_permissions
'WHO' => $row['group_name'],
'INFORMATION' => $information,
'S_SETTING_UNSET' => ($row['auth_setting'] == ACL_UNSET) ? true : false,
'S_SETTING_YES' => ($row['auth_setting'] == ACL_YES) ? true : false,
'S_SETTING_NO' => ($row['auth_setting'] == ACL_NO) ? true : false,
'S_TOTAL_UNSET' => ($total == ACL_UNSET) ? true : false,
'S_SETTING_YES' => ($row['auth_setting'] == ACL_YES) ? true : false,
'S_SETTING_NEVER' => ($row['auth_setting'] == ACL_NEVER) ? true : false,
'S_TOTAL_NO' => ($total == ACL_NO) ? true : false,
'S_TOTAL_YES' => ($total == ACL_YES) ? true : false,
'S_TOTAL_NO' => ($total == ACL_NO) ? true : false)
'S_TOTAL_NEVER' => ($total == ACL_NEVER) ? true : false)
);
}
}
// Get user specific permission...
$hold_ary = $auth->acl_user_raw_data($user_id, $permission, $forum_id);
$auth_setting = (!sizeof($hold_ary)) ? ACL_UNSET : $hold_ary[$user_id][$forum_id][$permission];
$auth_setting = (!sizeof($hold_ary)) ? ACL_NO : $hold_ary[$user_id][$forum_id][$permission];
switch ($auth_setting)
{
case ACL_UNSET:
$information = ($total == ACL_UNSET) ? $user->lang['TRACE_USER_UNSET_TOTAL_UNSET'] : $user->lang['TRACE_USER_KEPT'];
$total = ($total == ACL_UNSET) ? ACL_NO : $total;
case ACL_NO:
$information = ($total == ACL_NO) ? $user->lang['TRACE_USER_NO_TOTAL_NO'] : $user->lang['TRACE_USER_KEPT'];
$total = ($total == ACL_NO) ? ACL_NEVER : $total;
break;
case ACL_YES:
$information = ($total == ACL_YES) ? $user->lang['TRACE_USER_YES_TOTAL_YES'] : (($total == ACL_NO) ? $user->lang['TRACE_USER_YES_TOTAL_NO'] : $user->lang['TRACE_USER_YES_TOTAL_UNSET']);
$total = ($total == ACL_UNSET) ? ACL_YES : $total;
$information = ($total == ACL_YES) ? $user->lang['TRACE_USER_YES_TOTAL_YES'] : (($total == ACL_NEVER) ? $user->lang['TRACE_USER_YES_TOTAL_NEVER'] : $user->lang['TRACE_USER_YES_TOTAL_NO']);
$total = ($total == ACL_NO) ? ACL_YES : $total;
break;
case ACL_NO:
$information = ($total == ACL_YES) ? $user->lang['TRACE_USER_NO_TOTAL_YES'] : (($total == ACL_NO) ? $user->lang['TRACE_USER_NO_TOTAL_NO'] : $user->lang['TRACE_USER_NO_TOTAL_UNSET']);
$total = ACL_NO;
case ACL_NEVER:
$information = ($total == ACL_YES) ? $user->lang['TRACE_USER_NEVER_TOTAL_YES'] : (($total == ACL_NEVER) ? $user->lang['TRACE_USER_NEVER_TOTAL_NEVER'] : $user->lang['TRACE_USER_NEVER_TOTAL_NO']);
$total = ACL_NEVER;
break;
}
@ -1053,12 +1009,12 @@ class acp_permissions
'WHO' => $userdata['username'],
'INFORMATION' => $information,
'S_SETTING_UNSET' => ($auth_setting == ACL_UNSET) ? true : false,
'S_SETTING_YES' => ($auth_setting == ACL_YES) ? true : false,
'S_SETTING_NO' => ($auth_setting == ACL_NO) ? true : false,
'S_TOTAL_UNSET' => false,
'S_SETTING_YES' => ($auth_setting == ACL_YES) ? true : false,
'S_SETTING_NEVER' => ($auth_setting == ACL_NEVER) ? true : false,
'S_TOTAL_NO' => false,
'S_TOTAL_YES' => ($total == ACL_YES) ? true : false,
'S_TOTAL_NO' => ($total == ACL_NO) ? true : false)
'S_TOTAL_NEVER' => ($total == ACL_NEVER) ? true : false)
);
// global permission might overwrite local permission
@ -1077,24 +1033,24 @@ class acp_permissions
if ($auth_setting)
{
$information = ($total == ACL_YES) ? $user->lang['TRACE_USER_GLOBAL_YES_TOTAL_YES'] : $user->lang['TRACE_USER_GLOBAL_YES_TOTAL_NO'];
$information = ($total == ACL_YES) ? $user->lang['TRACE_USER_GLOBAL_YES_TOTAL_YES'] : $user->lang['TRACE_USER_GLOBAL_YES_TOTAL_NEVER'];
$total = ACL_YES;
}
else
{
$information = $user->lang['TRACE_USER_GLOBAL_NO_TOTAL_KEPT'];
$information = $user->lang['TRACE_USER_GLOBAL_NEVER_TOTAL_KEPT'];
}
$template->assign_block_vars('trace', array(
'WHO' => sprintf($user->lang['TRACE_GLOBAL_SETTING'], $userdata['username']),
'INFORMATION' => sprintf($information, '<a href="' . $this->u_action . "&amp;u=$user_id&amp;f=0&amp;auth=$permission&amp;back=$forum_id\">", '</a>'),
'S_SETTING_UNSET' => false,
'S_SETTING_NO' => false,
'S_SETTING_YES' => $auth_setting,
'S_SETTING_NO' => !$auth_setting,
'S_TOTAL_UNSET' => false,
'S_SETTING_NEVER' => !$auth_setting,
'S_TOTAL_NO' => false,
'S_TOTAL_YES' => ($total == ACL_YES) ? true : false,
'S_TOTAL_NO' => ($total == ACL_NO) ? true : false)
'S_TOTAL_NEVER' => ($total == ACL_NEVER) ? true : false)
);
}
@ -1105,15 +1061,101 @@ class acp_permissions
'WHO' => $userdata['username'],
'INFORMATION' => $user->lang['TRACE_USER_FOUNDER'],
'S_SETTING_UNSET' => ($auth_setting == ACL_UNSET) ? true : false,
'S_SETTING_YES' => ($auth_setting == ACL_YES) ? true : false,
'S_SETTING_NO' => ($auth_setting == ACL_NO) ? true : false,
'S_TOTAL_UNSET' => false,
'S_SETTING_YES' => ($auth_setting == ACL_YES) ? true : false,
'S_SETTING_NEVER' => ($auth_setting == ACL_NEVER) ? true : false,
'S_TOTAL_NO' => false,
'S_TOTAL_YES' => true,
'S_TOTAL_NO' => false)
'S_TOTAL_NEVER' => false)
);
}
}
/**
* Get already assigned users/groups
*/
function retrieve_defined_user_groups($permission_scope, $forum_id, $permission_type)
{
global $db, $user;
$sql_forum_id = ($permission_scope == 'global') ? 'AND a.forum_id = 0' : ((sizeof($forum_id)) ? 'AND ' . $db->sql_in_set('a.forum_id', $forum_id) : 'AND a.forum_id <> 0');
$sql_permission_option = "AND o.auth_option LIKE '" . $db->sql_escape($permission_type) . "%'";
$sql = $db->sql_build_query('SELECT_DISTINCT', array(
'SELECT' => 'u.username, u.user_regdate, u.user_id',
'FROM' => array(
USERS_TABLE => 'u',
ACL_OPTIONS_TABLE => 'o',
ACL_USERS_TABLE => 'a'
),
'LEFT_JOIN' => array(
array(
'FROM' => array(ACL_ROLES_DATA_TABLE => 'r'),
'ON' => 'a.auth_role_id = r.role_id'
)
),
'WHERE' => "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
$sql_permission_option
$sql_forum_id
AND u.user_id = a.user_id",
'ORDER_BY' => 'u.username, u.user_regdate ASC'
));
$result = $db->sql_query($sql);
$s_defined_user_options = '';
$defined_user_ids = array();
while ($row = $db->sql_fetchrow($result))
{
$s_defined_user_options .= '<option value="' . $row['user_id'] . '">' . $row['username'] . '</option>';
$defined_user_ids[] = $row['user_id'];
}
$db->sql_freeresult($result);
$sql = $db->sql_build_query('SELECT_DISTINCT', array(
'SELECT' => 'g.group_type, g.group_name, g.group_id',
'FROM' => array(
GROUPS_TABLE => 'g',
ACL_OPTIONS_TABLE => 'o',
ACL_GROUPS_TABLE => 'a'
),
'LEFT_JOIN' => array(
array(
'FROM' => array(ACL_ROLES_DATA_TABLE => 'r'),
'ON' => 'a.auth_role_id = r.role_id'
)
),
'WHERE' => "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
$sql_permission_option
$sql_forum_id
AND g.group_id = a.group_id",
'ORDER_BY' => 'g.group_type DESC, g.group_name ASC'
));
$result = $db->sql_query($sql);
$s_defined_group_options = '';
$defined_group_ids = array();
while ($row = $db->sql_fetchrow($result))
{
$s_defined_group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';
$defined_group_ids[] = $row['group_id'];
}
$db->sql_freeresult($result);
return array(
'group_ids' => $defined_group_ids,
'group_ids_options' => $s_defined_group_options,
'user_ids' => $defined_user_ids,
'user_ids_options' => $s_defined_user_options
);
}
}
?>
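Review bot: `retrieve_defined_user_groups()` has only a one-line docblock, yet it now feeds both the selection lists and the bulk `delete` path, and its contract is not obvious from the signature. The docblock should state that `$forum_id` is an array of integer forum ids (it is passed to `sizeof()` and `sql_in_set()`) and that `$permission_type` is used as a `LIKE` prefix. It should also say that the returned `user_ids_options` and `group_ids_options` strings embed `username` and `group_name` as-is, so they are only safe to print if those columns are stored HTML-escaped, which these hunks do not show. A short `@return` line listing the four array keys would make the two call sites easier to check.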


@ -50,7 +50,8 @@ class acp_profile
$lang_defs = array();
$sql = 'SELECT lang_id, lang_iso
FROM ' . LANG_TABLE;
FROM ' . LANG_TABLE . '
ORDER BY lang_english_name';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -63,7 +64,7 @@ class acp_profile
$sql = 'SELECT field_id, lang_id
FROM ' . PROFILE_LANG_TABLE . '
ORDER BY lang_id';
ORDER BY lang_id';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -119,19 +120,19 @@ class acp_profile
$db->sql_freeresult($result);
// Create a temp table and populate it, destroy the existing one
$db->sql_query(preg_replace('#CREATE\s+TABLE\s+' . PROFILE_FIELDS_DATA_TABLE . '#i', 'CREATE TEMPORARY TABLE ' . PROFILE_FIELDS_DATA_TABLE . '_temp', $row['sql']));
$db->sql_query(preg_replace('#CREATE\s+TABLE\s+"?' . PROFILE_FIELDS_DATA_TABLE . '"?#i', 'CREATE TEMPORARY TABLE ' . PROFILE_FIELDS_DATA_TABLE . '_temp', $row['sql']));
$db->sql_query('INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . '_temp SELECT * FROM ' . PROFILE_FIELDS_DATA_TABLE);
$db->sql_query('DROP TABLE ' . PROFILE_FIELDS_DATA_TABLE);
preg_match('#\((.*)\)#s', $row['sql'], $matches);
$new_table_cols = $matches[1];
$new_table_cols = trim($matches[1]);
$old_table_cols = explode(',', $new_table_cols);
$column_list = array();
foreach($old_table_cols as $declaration)
{
$entities = preg_split('#\s+#', $declaration);
if ($entities[0] !== $field_ident)
$entities = preg_split('#\s+#', trim($declaration));
if ($entities[0] !== '_' . $field_ident)
{
$column_list[] = $entities[0];
}
@ -139,7 +140,7 @@ class acp_profile
$columns = implode(',', $column_list);
$new_table_cols = preg_replace('/' . $field_ident . '[^,]+,/', '', $new_table_cols);
$new_table_cols = preg_replace('/' . '_' . $field_ident . '[^,]+,/', '', $new_table_cols);
// create a new table and fill it up. destroy the temp one
$db->sql_query('CREATE TABLE ' . PROFILE_FIELDS_DATA_TABLE . ' (' . $new_table_cols . ');');
@ -148,7 +149,7 @@ class acp_profile
break;
default:
$db->sql_query('ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " DROP $field_ident");
$db->sql_query('ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " DROP _$field_ident");
}
$order = 0;
@ -293,16 +294,17 @@ class acp_profile
$field_type = $field_row['field_type'];
// Get language entries
$sql = 'SELECT * FROM ' . PROFILE_FIELDS_LANG_TABLE . '
$sql = 'SELECT *
FROM ' . PROFILE_FIELDS_LANG_TABLE . '
WHERE lang_id = ' . $lang_defs['iso'][$config['default_lang']] . "
AND field_id = $field_id
ORDER BY option_id ASC";
ORDER BY option_id ASC";
$result = $db->sql_query($sql);
$lang_options = array();
while ($row = $db->sql_fetchrow($result))
{
$lang_options[$row['option_id']] = $row['value'];
$lang_options[$row['option_id']] = $row['lang_value'];
}
$db->sql_freeresult($result);
@ -474,7 +476,8 @@ class acp_profile
if ($action == 'edit')
{
// Get language entries
$sql = 'SELECT * FROM ' . PROFILE_FIELDS_LANG_TABLE . '
$sql = 'SELECT *
FROM ' . PROFILE_FIELDS_LANG_TABLE . '
WHERE lang_id <> ' . $lang_defs['iso'][$config['default_lang']] . "
AND field_id = $field_id
ORDER BY option_id ASC";
@ -483,12 +486,13 @@ class acp_profile
$l_lang_options = array();
while ($row = $db->sql_fetchrow($result))
{
$l_lang_options[$row['lang_id']][$row['option_id']] = $row['value'];
$l_lang_options[$row['lang_id']][$row['option_id']] = $row['lang_value'];
}
$db->sql_freeresult($result);
$sql = 'SELECT lang_id, lang_name, lang_explain, lang_default_value FROM ' . PROFILE_LANG_TABLE . '
$sql = 'SELECT lang_id, lang_name, lang_explain, lang_default_value
FROM ' . PROFILE_LANG_TABLE . '
WHERE lang_id <> ' . $lang_defs['iso'][$config['default_lang']] . "
AND field_id = $field_id
ORDER BY lang_id ASC";
@ -536,7 +540,7 @@ class acp_profile
if ($cp->vars['lang_name'] == '')
{
$error[] = $user->lang['EMPTY_USER_FIELD_IDENT'];
$error[] = $user->lang['EMPTY_USER_FIELD_NAME'];
}
if ($field_type == FIELD_BOOL || $field_type == FIELD_DROPDOWN)
@ -769,7 +773,8 @@ class acp_profile
$sql = 'SELECT lang_id, lang_iso
FROM ' . LANG_TABLE . "
WHERE lang_iso <> '" . $config['default_lang'] . "'";
WHERE lang_iso <> '" . $config['default_lang'] . "'
ORDER BY lang_english_name";
$result = $db->sql_query($sql);
$languages = array();
@ -928,278 +933,28 @@ class acp_profile
'field_active' => 1
);
$db->sql_query('INSERT INTO ' . PROFILE_FIELDS_TABLE . ' ' . $db->sql_build_array('INSERT', $profile_fields));
$sql = 'INSERT INTO ' . PROFILE_FIELDS_TABLE . ' ' . $db->sql_build_array('INSERT', $profile_fields);
$db->sql_query($sql);
$field_id = $db->sql_nextid();
}
else
{
$db->sql_query('UPDATE ' . PROFILE_FIELDS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $profile_fields) . "
WHERE field_id = $field_id");
$sql = 'UPDATE ' . PROFILE_FIELDS_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $profile_fields) . "
WHERE field_id = $field_id";
$db->sql_query($sql);
}
if ($action == 'create')
{
switch (SQL_LAYER)
{
case 'mysql':
case 'mysql4':
case 'mysqli':
// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD `$field_ident` ";
switch ($field_type)
{
case FIELD_STRING:
$sql .= ' VARCHAR(255) ';
break;
case FIELD_DATE:
$sql .= 'VARCHAR(10) ';
break;
case FIELD_TEXT:
$sql .= "TEXT";
// ADD {$field_ident}_bbcode_uid VARCHAR(5) NOT NULL,
// ADD {$field_ident}_bbcode_bitfield INT(11) UNSIGNED";
break;
case FIELD_BOOL:
$sql .= 'TINYINT(2) ';
break;
case FIELD_DROPDOWN:
$sql .= 'MEDIUMINT(8) ';
break;
case FIELD_INT:
$sql .= 'BIGINT(20) ';
break;
}
break;
case 'sqlite':
switch ($field_type)
{
case FIELD_STRING:
$type = ' VARCHAR(255) ';
break;
case FIELD_DATE:
$type = 'VARCHAR(10) ';
break;
case FIELD_TEXT:
$type = "TEXT(65535)";
// ADD {$field_ident}_bbcode_uid VARCHAR(5) NOT NULL,
// ADD {$field_ident}_bbcode_bitfield INT(11) UNSIGNED";
break;
case FIELD_BOOL:
$type = 'TINYINT(2) ';
break;
case FIELD_DROPDOWN:
$type = 'MEDIUMINT(8) ';
break;
case FIELD_INT:
$type = 'BIGINT(20) ';
break;
}
// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
if (version_compare(sqlite_libversion(), '3.0') == -1)
{
$sql = "SELECT sql
FROM sqlite_master
WHERE type = 'table'
AND name = '" . PROFILE_FIELDS_DATA_TABLE . "'
ORDER BY type DESC, name;";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
// Create a temp table and populate it, destroy the existing one
$db->sql_query(preg_replace('#CREATE\s+TABLE\s+' . PROFILE_FIELDS_DATA_TABLE . '#i', 'CREATE TEMPORARY TABLE ' . PROFILE_FIELDS_DATA_TABLE . '_temp', $row['sql']));
$db->sql_query('INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . '_temp SELECT * FROM ' . PROFILE_FIELDS_DATA_TABLE);
$db->sql_query('DROP TABLE ' . PROFILE_FIELDS_DATA_TABLE);
preg_match('#\((.*)\)#s', $row['sql'], $matches);
$new_table_cols = $matches[1];
$old_table_cols = explode(',', $new_table_cols);
$column_list = array();
foreach($old_table_cols as $declaration)
{
$entities = preg_split('#\s+#', $declaration);
$column_list[] = $entities[0];
}
$columns = implode(',', $column_list);
$new_table_cols = $field_ident . ' ' . $type . ',' . $new_table_cols;
// create a new table and fill it up. destroy the temp one
$db->sql_query('CREATE TABLE ' . PROFILE_FIELDS_DATA_TABLE . ' (' . $new_table_cols . ');');
$db->sql_query('INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' (' . $columns . ') SELECT ' . $columns . ' FROM ' . PROFILE_FIELDS_DATA_TABLE . '_temp;');
$db->sql_query('DROP TABLE ' . PROFILE_FIELDS_DATA_TABLE . '_temp');
}
else
{
$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD $field_ident $type";
}
break;
case 'mssql':
case 'mssql_odbc':
// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
$sql = 'ALTER TABLE [' . PROFILE_FIELDS_DATA_TABLE . "] ADD $field_ident ";
switch ($field_type)
{
case FIELD_STRING:
$sql .= ' [VARCHAR] (255) ';
break;
case FIELD_DATE:
$sql .= '[VARCHAR] (10) ';
break;
case FIELD_TEXT:
$sql .= "[TEXT]";
// ADD {$field_ident}_bbcode_uid [VARCHAR] (5) NOT NULL,
// ADD {$field_ident}_bbcode_bitfield [INT] UNSIGNED";
break;
case FIELD_BOOL:
case FIELD_DROPDOWN:
$sql .= '[INT] ';
break;
case FIELD_INT:
$sql .= '[FLOAT] ';
break;
}
break;
case 'postgres':
// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD COLUMN $field_ident ";
switch ($field_type)
{
case FIELD_STRING:
$sql .= ' VARCHAR(255) ';
break;
case FIELD_DATE:
$sql .= 'VARCHAR(10) ';
break;
case FIELD_TEXT:
$sql .= "TEXT";
// ADD {$field_ident}_bbcode_uid VARCHAR(5) NOT NULL,
// ADD {$field_ident}_bbcode_bitfield INT4 UNSIGNED";
break;
case FIELD_BOOL:
$sql .= 'INT2 ';
break;
case FIELD_DROPDOWN:
$sql .= 'INT4 ';
break;
case FIELD_INT:
$sql .= 'INT8 ';
break;
}
break;
case 'firebird':
// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD $field_ident ";
switch ($field_type)
{
case FIELD_STRING:
$sql .= ' VARCHAR(255) ';
break;
case FIELD_DATE:
$sql .= 'VARCHAR(10) ';
break;
case FIELD_TEXT:
$sql .= "BLOB SUB_TYPE TEXT";
// ADD {$field_ident}_bbcode_uid VARCHAR(5) NOT NULL,
// ADD {$field_ident}_bbcode_bitfield INTEGER UNSIGNED";
break;
case FIELD_BOOL:
case FIELD_DROPDOWN:
$sql .= 'INTEGER ';
break;
case FIELD_INT:
$sql .= 'DOUBLE PRECISION ';
break;
}
break;
case 'oracle':
// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD $field_ident ";
switch ($field_type)
{
case FIELD_STRING:
$sql .= ' VARCHAR2(255) ';
break;
case FIELD_DATE:
$sql .= 'VARCHAR2(10) ';
break;
case FIELD_TEXT:
$sql .= "CLOB";
// ADD {$field_ident}_bbcode_uid VARCHAR2(5) NOT NULL,
// ADD {$field_ident}_bbcode_bitfield NUMBER(11) UNSIGNED";
break;
case FIELD_BOOL:
$sql .= 'NUMBER(2) ';
break;
case FIELD_DROPDOWN:
$sql .= 'NUMBER(8) ';
break;
case FIELD_INT:
$sql .= 'NUMBER(20) ';
break;
}
break;
}
$profile_sql[] = $sql;
$field_ident = '_' . $field_ident;
$profile_sql[] = $this->add_field_ident($field_ident, $field_type);
}
$sql_ary = array(
'lang_name' => $cp->vars['lang_name'],
'lang_explain' => $cp->vars['lang_explain'],
'lang_name' => $cp->vars['lang_name'],
'lang_explain' => $cp->vars['lang_explain'],
'lang_default_value' => $cp->vars['lang_default_value']
);
@ -1272,7 +1027,7 @@ class acp_profile
{
$sql_ary = array(
'field_type' => (int) $field_type,
'value' => $value
'lang_value' => $value
);
if ($action == 'create')
@ -1286,9 +1041,9 @@ class acp_profile
else
{
$this->update_insert(PROFILE_FIELDS_LANG_TABLE, $sql_ary, array(
'field_id' => $field_id,
'lang_id' => (int) $default_lang_id,
'option_id' => (int) $option_id)
'field_id' => $field_id,
'lang_id' => (int) $default_lang_id,
'option_id' => (int) $option_id)
);
}
}
@ -1327,7 +1082,7 @@ class acp_profile
'lang_id' => (int) $lang_id,
'option_id' => (int) $option_id,
'field_type' => (int) $field_type,
'value' => $value
'lang_value' => $value
);
}
}
@ -1380,6 +1135,7 @@ class acp_profile
}
}
$db->sql_transaction('begin');
if ($action == 'create')
@ -1399,7 +1155,7 @@ class acp_profile
}
else
{
add_log('admin', 'LOG_PROFILE_FIELD_CREATE', $field_ident . ':' . $cp->vars['lang_name']);
add_log('admin', 'LOG_PROFILE_FIELD_CREATE', substr($field_ident, 1) . ':' . $cp->vars['lang_name']);
trigger_error($user->lang['ADDED_PROFILE_FIELD'] . adm_back_link($this->u_action));
}
}
@ -1451,6 +1207,276 @@ class acp_profile
}
}
}
/**
* Return sql statement for adding a new field ident (profile field) to the profile fields data table
*/
function add_field_ident($field_ident, $field_type)
{
global $db;
switch (SQL_LAYER)
{
case 'mysql':
case 'mysql4':
case 'mysqli':
// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD `$field_ident` ";
switch ($field_type)
{
case FIELD_STRING:
$sql .= ' VARCHAR(255) ';
break;
case FIELD_DATE:
$sql .= 'VARCHAR(10) ';
break;
case FIELD_TEXT:
$sql .= "TEXT";
// ADD {$field_ident}_bbcode_uid VARCHAR(5) NOT NULL,
// ADD {$field_ident}_bbcode_bitfield INT(11) UNSIGNED";
break;
case FIELD_BOOL:
$sql .= 'TINYINT(2) ';
break;
case FIELD_DROPDOWN:
$sql .= 'MEDIUMINT(8) ';
break;
case FIELD_INT:
$sql .= 'BIGINT(20) ';
break;
}
break;
case 'sqlite':
switch ($field_type)
{
case FIELD_STRING:
$type = ' VARCHAR(255) ';
break;
case FIELD_DATE:
$type = 'VARCHAR(10) ';
break;
case FIELD_TEXT:
$type = "TEXT(65535)";
// ADD {$field_ident}_bbcode_uid VARCHAR(5) NOT NULL,
// ADD {$field_ident}_bbcode_bitfield INT(11) UNSIGNED";
break;
case FIELD_BOOL:
$type = 'TINYINT(2) ';
break;
case FIELD_DROPDOWN:
$type = 'MEDIUMINT(8) ';
break;
case FIELD_INT:
$type = 'BIGINT(20) ';
break;
}
// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
if (version_compare(sqlite_libversion(), '3.0') == -1)
{
$sql = "SELECT sql
FROM sqlite_master
WHERE type = 'table'
AND name = '" . PROFILE_FIELDS_DATA_TABLE . "'
ORDER BY type DESC, name;";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
// Create a temp table and populate it, destroy the existing one
$db->sql_query(preg_replace('#CREATE\s+TABLE\s+"?' . PROFILE_FIELDS_DATA_TABLE . '"?#i', 'CREATE TEMPORARY TABLE ' . PROFILE_FIELDS_DATA_TABLE . '_temp', $row['sql']));
$db->sql_query('INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . '_temp SELECT * FROM ' . PROFILE_FIELDS_DATA_TABLE);
$db->sql_query('DROP TABLE ' . PROFILE_FIELDS_DATA_TABLE);
preg_match('#\((.*)\)#s', $row['sql'], $matches);
$new_table_cols = trim($matches[1]);
$old_table_cols = explode(',', $new_table_cols);
$column_list = array();
foreach ($old_table_cols as $declaration)
{
$entities = preg_split('#\s+#', trim($declaration));
if ($entities == 'PRIMARY')
{
continue;
}
$column_list[] = $entities[0];
}
$columns = implode(',', $column_list);
$new_table_cols = $field_ident . ' ' . $type . ',' . $new_table_cols;
// create a new table and fill it up. destroy the temp one
$db->sql_query('CREATE TABLE ' . PROFILE_FIELDS_DATA_TABLE . ' (' . $new_table_cols . ');');
$db->sql_query('INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' (' . $columns . ') SELECT ' . $columns . ' FROM ' . PROFILE_FIELDS_DATA_TABLE . '_temp;');
$db->sql_query('DROP TABLE ' . PROFILE_FIELDS_DATA_TABLE . '_temp');
}
else
{
$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD $field_ident [$type]";
}
break;
case 'mssql':
case 'mssql_odbc':
// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
$sql = 'ALTER TABLE [' . PROFILE_FIELDS_DATA_TABLE . "] ADD [$field_ident] ";
switch ($field_type)
{
case FIELD_STRING:
$sql .= ' [VARCHAR] (255) ';
break;
case FIELD_DATE:
$sql .= '[VARCHAR] (10) ';
break;
case FIELD_TEXT:
$sql .= "[TEXT]";
// ADD {$field_ident}_bbcode_uid [VARCHAR] (5) NOT NULL,
// ADD {$field_ident}_bbcode_bitfield [INT] UNSIGNED";
break;
case FIELD_BOOL:
case FIELD_DROPDOWN:
$sql .= '[INT] ';
break;
case FIELD_INT:
$sql .= '[FLOAT] ';
break;
}
break;
case 'postgres':
// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD COLUMN \"$field_ident\" ";
switch ($field_type)
{
case FIELD_STRING:
$sql .= ' VARCHAR(255) ';
break;
case FIELD_DATE:
$sql .= 'VARCHAR(10) ';
break;
case FIELD_TEXT:
$sql .= "TEXT";
// ADD {$field_ident}_bbcode_uid VARCHAR(5) NOT NULL,
// ADD {$field_ident}_bbcode_bitfield INT4 UNSIGNED";
break;
case FIELD_BOOL:
$sql .= 'INT2 ';
break;
case FIELD_DROPDOWN:
$sql .= 'INT4 ';
break;
case FIELD_INT:
$sql .= 'INT8 ';
break;
}
break;
case 'firebird':
// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD \"$field_ident\" ";
switch ($field_type)
{
case FIELD_STRING:
$sql .= ' VARCHAR(255) ';
break;
case FIELD_DATE:
$sql .= 'VARCHAR(10) ';
break;
case FIELD_TEXT:
$sql .= "BLOB SUB_TYPE TEXT";
// ADD {$field_ident}_bbcode_uid VARCHAR(5) NOT NULL,
// ADD {$field_ident}_bbcode_bitfield INTEGER UNSIGNED";
break;
case FIELD_BOOL:
case FIELD_DROPDOWN:
$sql .= 'INTEGER ';
break;
case FIELD_INT:
$sql .= 'DOUBLE PRECISION ';
break;
}
break;
case 'oracle':
// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD \"$field_ident\" ";
switch ($field_type)
{
case FIELD_STRING:
$sql .= ' VARCHAR2(255) ';
break;
case FIELD_DATE:
$sql .= 'VARCHAR2(10) ';
break;
case FIELD_TEXT:
$sql .= "CLOB";
// ADD {$field_ident}_bbcode_uid VARCHAR2(5) NOT NULL,
// ADD {$field_ident}_bbcode_bitfield NUMBER(11) UNSIGNED";
break;
case FIELD_BOOL:
$sql .= 'NUMBER(2) ';
break;
case FIELD_DROPDOWN:
$sql .= 'NUMBER(8) ';
break;
case FIELD_INT:
$sql .= 'NUMBER(20) ';
break;
}
break;
}
return $sql;
}
}
?>
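Review bot: In the new `add_field_ident()`, the SQLite pre-3.0 branch tests `if ($entities == 'PRIMARY')`, which compares the array returned by `preg_split()` with a string and therefore never matches. If the stored `CREATE TABLE` text carries a `PRIMARY KEY` clause, its first token is appended to `$column_list` as though it were a column; the test should read `if ($entities[0] == 'PRIMARY')`. In that same branch `$sql` still holds the `SELECT sql FROM sqlite_master` text at `return $sql;`, so the caller appends that statement to `$profile_sql` instead of an `ALTER TABLE`. `$field_ident` is interpolated into every DDL string with identifier quoting but no escaping, and the check that restricts it to identifier characters is not visible in these hunks, so a docblock line stating that precondition would help the next caller.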


@ -68,7 +68,7 @@ class acp_prune
'S_PRUNED' => true)
);
$sql_forum = (sizeof($forum_id)) ? ' AND forum_id IN (' . implode(', ', $forum_id) . ')' : '';
$sql_forum = (sizeof($forum_id)) ? ' AND ' . $db->sql_in_set('forum_id', $forum_id) : '';
// Get a list of forum's or the data for the forum that we are pruning.
$sql = 'SELECT forum_id, forum_name
@ -148,7 +148,7 @@ class acp_prune
{
$sql = 'SELECT forum_id, forum_name
FROM ' . FORUMS_TABLE . '
WHERE forum_id IN (' . implode(', ', $forum_id) . ')';
WHERE ' . $db->sql_in_set('forum_id', $forum_id);
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
@ -202,19 +202,11 @@ class acp_prune
if ($users)
{
$users = explode("\n", $users);
$where_sql = '';
foreach ($users as $username)
{
$where_sql .= (($where_sql != '') ? ', ' : '') . "'" . $db->sql_escape($username) . "'";
}
$where_sql = " AND username IN ($where_sql)";
$where_sql = ' AND ' . $db->sql_in_set('username', explode("\n", $users));
}
else
{
$username = request_var('username', '', true);
$username = request_var('username', '');
$email = request_var('email', '');
$joined_select = request_var('joined_select', 'lt');
@ -317,7 +309,7 @@ class acp_prune
'prune' => 1,
'users' => request_var('users', ''),
'username' => request_var('username', '', true),
'username' => request_var('username', ''),
'email' => request_var('email', ''),
'joined_select' => request_var('joined_select', ''),
'joined' => request_var('joined', ''),
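Review bot: The rewritten `$where_sql` line passes `explode("\n", $users)` straight into `$db->sql_in_set()`, so unless `request_var()` already normalises line endings, a list submitted with CRLF keeps a trailing `\r` on each name and will not match the stored usernames. Trimming the entries first avoids that: `$where_sql = ' AND ' . $db->sql_in_set('username', array_map('trim', explode("\n", $users)));`. The explicit per-name `$db->sql_escape()` call is removed in this hunk, so string escaping now rests entirely on `sql_in_set()`, whose body is not shown on this page; that is worth confirming for string values. The enclosing method starts and ends outside the hunk.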


@ -37,7 +37,7 @@ class acp_ranks
$rank_title = request_var('title', '', true);
$special_rank = request_var('special_rank', 0);
$min_posts = ($special_rank) ? -1 : request_var('min_posts', 0);
$min_posts = ($special_rank) ? 0 : request_var('min_posts', 0);
$rank_image = request_var('rank_image', '');
// The rank image has to be a jpg, gif or png
@ -130,7 +130,7 @@ class acp_ranks
{
foreach ($img_ary as $img)
{
$img = substr($path, 1) . (($path != '') ? '/' : '') . $img;
$img = $path . $img;
if (!in_array($img, $existing_imgs) || $action == 'edit')
{


@ -76,7 +76,7 @@ class acp_reasons
{
$sql = 'SELECT reason_id
FROM ' . REPORTS_REASONS_TABLE . "
WHERE LOWER(reason_title) = '" . strtolower($reason_row['reason_title']) . "'";
WHERE LOWER(reason_title) = '" . strtolower($db->sql_escape($reason_row['reason_title'])) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
@ -198,10 +198,38 @@ class acp_reasons
$other_reason_id = (int) $db->sql_fetchfield('reason_id');
$db->sql_freeresult($result);
// Change the reports using this reason to 'other'
$sql = 'UPDATE ' . REPORTS_TABLE . '
SET reason_id = ' . $other_reason_id . ", report_text = CONCAT('" . $db->sql_escape($reason_row['reason_description']) . "\n\n', report_text)
WHERE reason_id = $reason_id";
switch (SQL_LAYER)
{
// The ugly one!
case 'mysqli':
case 'mysql4':
case 'mysql':
// Change the reports using this reason to 'other'
$sql = 'UPDATE ' . REPORTS_TABLE . '
SET reason_id = ' . $other_reason_id . ", report_text = CONCAT('" . $db->sql_escape($reason_row['reason_description']) . "\n\n', report_text)
WHERE reason_id = $reason_id";
break;
// Nearly standard, not quite
case 'mssql':
case 'mssql_odbc':
// Change the reports using this reason to 'other'
$sql = 'UPDATE ' . REPORTS_TABLE . '
SET reason_id = ' . $other_reason_id . ", report_text = '" . $db->sql_escape($reason_row['reason_description']) . "\n\n' + report_text
WHERE reason_id = $reason_id";
break;
// Teh standard
case 'postgres':
case 'oracle':
case 'firebird':
case 'sqlite':
// Change the reports using this reason to 'other'
$sql = 'UPDATE ' . REPORTS_TABLE . '
SET reason_id = ' . $other_reason_id . ", report_text = '" . $db->sql_escape($reason_row['reason_description']) . "\n\n' || report_text
WHERE reason_id = $reason_id";
break;
}
$db->sql_query($sql);
$db->sql_query('DELETE FROM ' . REPORTS_REASONS_TABLE . ' WHERE reason_id = ' . $reason_id);
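Review bot: In the duplicate-title check the new code applies `strtolower()` to the output of `$db->sql_escape()`, so the value is modified after it has been escaped; escaping should be the last step before the value enters the query, `WHERE LOWER(reason_title) = '" . $db->sql_escape(strtolower($reason_row['reason_title'])) . "'"`. In the second hunk the new `switch (SQL_LAYER)` has no `default`, so on a layer that is not listed `$sql` is never reassigned and `$db->sql_query($sql)` re-runs whatever statement it held before (presumably the preceding SELECT), after which the `DELETE` still proceeds. A `default` branch that raises an error would make an unsupported layer visible instead of silently skipping the report update. Both enclosing methods begin and end outside the hunks.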


@ -267,23 +267,24 @@ class acp_search
}
else
{
$sql = 'SELECT post_id, poster_id
$sql = 'SELECT post_id, poster_id, forum_id
FROM ' . POSTS_TABLE . '
WHERE post_id >= ' . (int) ($post_counter + 1) . '
AND post_id < ' . (int) ($post_counter + $this->batch_size);
$result = $db->sql_query($sql);
$ids = $posters = array();
while (false !== ($row = $db->sql_fetchrow($result)))
while ($row = $db->sql_fetchrow($result))
{
$ids[] = $row['post_id'];
$posters[] = $row['poster_id'];
$forum_ids[] = $row['forum_id'];
}
$db->sql_freeresult($result);
if (sizeof($ids))
{
$this->search->index_remove($ids, $posters);
$this->search->index_remove($ids, $posters, $forum_ids);
}
$post_counter += $this->batch_size;
@ -318,15 +319,15 @@ class acp_search
}
else
{
$sql = 'SELECT post_id, post_subject, post_text, poster_id
$sql = 'SELECT post_id, post_subject, post_text, post_encoding, poster_id, forum_id
FROM ' . POSTS_TABLE . '
WHERE post_id >= ' . (int) ($post_counter + 1) . '
AND post_id < ' . (int) ($post_counter + $this->batch_size);
$result = $db->sql_query($sql);
while (false !== ($row = $db->sql_fetchrow($result)))
while ($row = $db->sql_fetchrow($result))
{
$this->search->index('post', $row['post_id'], $row['post_text'], $row['post_subject'], $row['poster_id']);
$this->search->index('post', $row['post_id'], $row['post_text'], $row['post_subject'], $row['post_encoding'], $row['poster_id'], $row['forum_id']);
}
$db->sql_freeresult($result);
@ -523,6 +524,12 @@ class acp_search
include_once("{$phpbb_root_path}includes/search/$type.$phpEx");
if (!class_exists($type))
{
$error = $user->lang['NO_SUCH_SEARCH_MODULE'];
return $error;
}
$error = false;
$search = new $type($error);
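Review bot: `$forum_ids[]` is appended to in the first hunk but never initialised, because the line above it still reads `$ids = $posters = array();`. If this code runs once per batch inside a loop, as the `$post_counter += $this->batch_size` line suggests, `$forum_ids` keeps the values of earlier batches while `$ids` and `$posters` are reset, and `index_remove()` then receives arrays of different lengths. Initialise it with the others: `$ids = $posters = $forum_ids = array();`. In the last hunk the added `class_exists($type)` test runs only after `include_once` has already built a file path from `$type`; where `$type` comes from is outside the hunk, so if a request can influence it, it should be checked against the list of installed search backends before the include.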


@ -27,7 +27,14 @@ class acp_styles
global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
// Hardcoded template bitfield to add for new templates
define('TEMPLATE_BITFIELD', 6921);
$bitfield = new bitfield();
$bitfield->set(0);
$bitfield->set(3);
$bitfield->set(8);
$bitfield->set(9);
$bitfield->set(11);
$bitfield->set(12);
define('TEMPLATE_BITFIELD', $bitfield->get_base64());
$user->add_lang('acp/styles');
@ -82,7 +89,32 @@ parse_css_file = {PARSE_CSS_FILE}
pagination_sep = \'{PAGINATION_SEP}\'
';
$this->imageset_keys = 'site_logo, btn_post, btn_post_pm, btn_reply, btn_reply_pm, btn_locked, btn_profile, btn_pm, btn_delete, btn_info, btn_quote, btn_search, btn_edit, btn_report, btn_email, btn_www, btn_icq, btn_aim, btn_yim, btn_msnm, btn_jabber, btn_online, btn_offline, btn_friend, btn_foe, icon_unapproved, icon_reported, icon_attach, icon_post, icon_post_new, icon_post_latest, icon_post_newest, forum, forum_new, forum_locked, forum_link, sub_forum, sub_forum_new, folder, folder_moved, folder_posted, folder_new, folder_new_posted, folder_hot, folder_hot_posted, folder_hot_new, folder_hot_new_posted, folder_locked, folder_locked_posted, folder_locked_new, folder_locked_new_posted, folder_sticky, folder_sticky_posted, folder_sticky_new, folder_sticky_new_posted, folder_announce, folder_announce_posted, folder_announce_new, folder_announce_new_posted, folder_global, folder_global_posted, folder_global_new, folder_global_new_posted, poll_left, poll_center, poll_right, attach_progress_bar, user_icon1, user_icon2, user_icon3, user_icon4, user_icon5, user_icon6, user_icon7, user_icon8, user_icon9, user_icon10';
$this->imageset_keys = array(
'logos' => array(
'site_logo',
),
'buttons' => array(
'icon_contact_aim', 'icon_contact_email', 'icon_contact_icq', 'icon_contact_jabber', 'icon_contact_msnm', 'icon_contact_pm', 'icon_contact_yahoo', 'icon_contact_www', 'icon_post_delete', 'icon_post_edit', 'icon_post_info', 'icon_post_quote', 'icon_post_report', 'icon_user_online', 'icon_user_offline', 'icon_user_profile', 'icon_user_search', 'icon_user_warn', 'button_pm_forward', 'button_pm_new', 'button_pm_reply', 'button_topic_locked', 'button_topic_new', 'button_topic_reply',
),
'icons' => array(
'icon_post_target', 'icon_post_target_unread', 'icon_topic_attach', 'icon_topic_latest', 'icon_topic_newest', 'icon_topic_reported', 'icon_topic_unapproved', 'icon_friend', 'icon_foe',
),
'forums' => array(
'forum_link', 'forum_read', 'forum_read_locked', 'forum_read_subforum', 'forum_unread', 'forum_unread_locked', 'forum_unread_subforum',
),
'folders' => array(
'topic_moved', 'topic_read', 'topic_read_mine', 'topic_read_hot', 'topic_read_hot_mine', 'topic_read_locked', 'topic_read_locked_mine', 'topic_unread', 'topic_unread_mine', 'topic_unread_hot', 'topic_unread_hot_mine', 'topic_unread_locked', 'topic_unread_locked_mine', 'sticky_read', 'sticky_read_mine', 'sticky_read_locked', 'sticky_read_locked_mine', 'sticky_unread', 'sticky_unread_mine', 'sticky_unread_locked', 'sticky_unread_locked_mine', 'announce_read', 'announce_read_mine', 'announce_read_locked', 'announce_read_locked_mine', 'announce_unread', 'announce_unread_mine', 'announce_unread_locked', 'announce_unread_locked_mine', 'global_read', 'global_read_mine', 'global_read_locked', 'global_read_locked_mine', 'global_unread', 'global_unread_mine', 'global_unread_locked', 'global_unread_locked_mine', 'pm_read', 'pm_unread',
),
'polls' => array(
'poll_left', 'poll_center', 'poll_right',
),
'ui' => array(
'upload_bar',
),
'user' => array(
'user_icon1', 'user_icon2', 'user_icon3', 'user_icon4', 'user_icon5', 'user_icon6', 'user_icon7', 'user_icon8', 'user_icon9', 'user_icon10',
),
);
// Execute overall actions
switch ($action)
@ -183,7 +215,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
break;
}
$this->frontend('style', array('details', 'export', 'delete'));
$this->frontend('style', array('details'), array('export', 'delete'));
break;
case 'template':
@ -260,7 +292,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
break;
}
$this->frontend('template', array('cache', 'details', 'refresh', 'edit', 'export', 'delete'));
$this->frontend('template', array('edit', 'cache', 'details'), array('refresh', 'export', 'delete'));
break;
case 'theme':
@ -303,6 +335,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
$cache->destroy('sql', STYLES_THEME_TABLE);
add_log('admin', 'LOG_THEME_REFRESHED', $theme_row['theme_name']);
trigger_error($user->lang['THEME_REFRESHED'] . adm_back_link($this->u_action));
}
}
@ -318,11 +351,74 @@ pagination_sep = \'{PAGINATION_SEP}\'
break;
}
$this->frontend('theme', array('details', 'refresh', 'edit', 'export', 'delete'));
$this->frontend('theme', array('edit', 'details'), array('refresh', 'export', 'delete'));
break;
case 'imageset':
$this->frontend('imageset', array('details', 'edit', 'delete', 'export'));
switch ($action)
{
case 'refresh':
$sql = 'SELECT *
FROM ' . STYLES_IMAGESET_TABLE . "
WHERE imageset_id = $style_id";
$result = $db->sql_query($sql);
$imageset_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$imageset_row)
{
trigger_error($user->lang['NO_IMAGESET'] . adm_back_link($this->u_action));
}
if (confirm_box(true))
{
$sql_ary = array();
$cfg_data = parse_cfg_file("{$phpbb_root_path}styles/{$imageset_row['imageset_path']}/imageset/imageset.cfg");
$imageset_definitions = array();
foreach ($this->imageset_keys as $topic => $key_array)
{
$imageset_definitions = array_merge($imageset_definitions, $key_array);
}
foreach ($cfg_data as $key => $value)
{
if (strpos($key, 'img_') === 0)
{
$key = substr($key, 4);
if (in_array($key, $imageset_definitions))
{
$sql_ary[$key] = str_replace('{PATH}', "styles/{$imageset_row['imageset_path']}/imageset/", trim($value));
}
}
}
unset($cfg_data);
$sql = 'UPDATE ' . STYLES_IMAGESET_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
WHERE imageset_id = $style_id";
$db->sql_query($sql);
$cache->destroy('sql', STYLES_IMAGESET_TABLE);
add_log('admin', 'LOG_IMAGESET_REFRESHED', $imageset_row['imageset_name']);
trigger_error($user->lang['IMAGESET_REFRESHED'] . adm_back_link($this->u_action));
}
else
{
confirm_box(false, $user->lang['CONFIRM_IMAGESET_REFRESH'], build_hidden_fields(array(
'i' => $id,
'mode' => $mode,
'action' => $action,
'id' => $style_id
)));
}
break;
}
$this->frontend('imageset', array('edit', 'details'), array('refresh', 'export', 'delete'));
break;
}
}
@ -330,7 +426,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
/**
* Build Frontend with supplied options
*/
function frontend($mode, $options)
function frontend($mode, $options, $actions)
{
global $user, $template, $db, $config, $phpbb_root_path, $phpEx;
@ -408,12 +504,19 @@ pagination_sep = \'{PAGINATION_SEP}\'
$s_options[] = '<a href="' . $this->u_action . "&amp;action=$option&amp;id=" . $row[$mode . '_id'] . '">' . $user->lang[strtoupper($option)] . '</a>';
}
$s_actions = array();
foreach ($actions as $option)
{
$s_actions[] = '<a href="' . $this->u_action . "&amp;action=$option&amp;id=" . $row[$mode . '_id'] . '">' . $user->lang[strtoupper($option)] . '</a>';
}
$template->assign_block_vars('installed', array(
'S_DEFAULT_STYLE' => ($mode == 'style' && $row['style_id'] == $config['default_style']) ? true : false,
'U_EDIT' => $this->u_action . '&amp;action=' . (($mode == 'style') ? 'details' : 'edit') . '&amp;id=' . $row[$mode . '_id'],
'U_STYLE_ACT_DEACT' => $this->u_action . '&amp;action=' . $stylevis . '&amp;id=' . $row[$mode . '_id'],
'L_STYLE_ACT_DEACT' => $user->lang['STYLE_' . strtoupper($stylevis)],
'S_OPTIONS' => implode(' | ', $s_options),
'S_ACTIONS' => implode(' | ', $s_actions),
'U_PREVIEW' => ($mode == 'style') ? append_sid("{$phpbb_root_path}index.$phpEx", "$mode=" . $row[$mode . '_id']) : '',
'NAME' => $row[$mode . '_name'],
@ -483,15 +586,16 @@ pagination_sep = \'{PAGINATION_SEP}\'
$filelist = $filelist_cats = array();
$template_data = (!empty($_POST['template_data'])) ? ((STRIP) ? stripslashes($_POST['template_data']) : $_POST['template_data']) : '';
// we want newlines no carriage returns!
$_POST['template_data'] = (isset($_POST['template_data']) && !empty($_POST['template_data'])) ? str_replace(array("\r\n", "\r"), array("\n", "\n"), $_POST['template_data']) : '';
$template_data = (STRIP) ? stripslashes($_POST['template_data']) : $_POST['template_data'];
$template_file = request_var('template_file', '');
$text_rows = max(5, min(999, request_var('text_rows', 20)));
$save_changes = (isset($_POST['save'])) ? true : false;
// make sure template_file path doesn't go upwards
$template_file = str_replace('..', '.', $template_file);
// we want newlines no carriage returns!
$template_data = str_replace(array("\n\r", "\r"), array("\n", "\n"), $template_data);
// Retrieve some information about the template
$sql = 'SELECT template_storedb, template_path, template_name
@ -728,7 +832,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
'FILENAME' => str_replace('.', '/', $source) . '.html')
);
$code = str_replace(array("\n\r", "\r"), array("\n", "\n"), file_get_contents("{$phpbb_root_path}cache/{$cache_prefix}_$source.html.$phpEx"));
$code = str_replace(array("\r\n", "\r"), array("\n", "\n"), file_get_contents("{$phpbb_root_path}cache/{$cache_prefix}_$source.html.$phpEx"));
$conf = array('highlight.bg', 'highlight.comment', 'highlight.default', 'highlight.html', 'highlight.keyword', 'highlight.string');
foreach ($conf as $ini_var)
@ -815,20 +919,20 @@ pagination_sep = \'{PAGINATION_SEP}\'
$this->page_title = 'EDIT_THEME';
// we want newlines no carriage returns!
$_POST['css_data'] = (isset($_POST['css_data']) && !empty($_POST['css_data'])) ? str_replace(array("\r\n", "\r"), array("\n", "\n"), $_POST['css_data']) : '';
// get user input
$text_rows = max(5, min(999, request_var('text_rows', 20)));
$hide_css = request_var('hidecss', false);
$show_css = !$hide_css && request_var('showcss', false);
$edit_class = request_var('css_class', '');
$custom_class = request_var('custom_class', '');
$css_data = (!empty($_POST['css_data'])) ? ((STRIP) ? stripslashes($_POST['css_data']) : $_POST['css_data']) : '';
$css_data = (STRIP) ? stripslashes($_POST['css_data']) : $_POST['css_data'];
$submit = isset($_POST['submit']) ? true : false;
$add_custom = isset($_POST['add_custom']) ? true : false;
$matches = array();
// we want newlines no carriage returns!
$css_data = str_replace(array("\n\r", "\r"), array("\n", "\n"), $css_data);
// Retrieve some information about the theme
$sql = 'SELECT theme_storedb, theme_path, theme_name, theme_data
FROM ' . STYLES_THEME_TABLE . "
@ -943,7 +1047,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
$css_elements = array_diff(array_map('trim', explode("\n", preg_replace("#;[\n]*#s", "\n", $css_data))), array(''));
// Grab list of potential images for the "images" type
$imglist = filelist($phpbb_root_path . 'styles/' . $theme_info['theme_name'] . '/theme');
$img_filelist = filelist($phpbb_root_path . 'styles/' . $theme_info['theme_name'] . '/theme');
foreach ($match_elements as $type => $match_ary)
{
@ -1009,7 +1113,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
$selected = ($unit_option == $unit) ? ' selected="selected"' : '';
$s_units .= "<option value=\"$unit_option\"$selected>$unit_option</option>";
}
$s_units = '<option value=""' . (($unit == '') ? ' selected="selected"' : '') . '>' . $user->lang['NONE'] . '</option>' . $s_units;
$s_units = '<option value=""' . (($unit == '') ? ' selected="selected"' : '') . '>' . $user->lang['NO_UNIT'] . '</option>' . $s_units;
$template->assign_vars(array(
strtoupper($var) => $value,
@ -1020,7 +1124,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
case 'images':
// generate a list of images for this setting
$s_imglist = '';
foreach ($imglist as $path => $img_ary)
foreach ($img_filelist as $path => $img_ary)
{
foreach ($img_ary as $img)
{
@ -1030,7 +1134,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
$s_imglist .= "<option value=\"$img\"$selected>$img</option>";
}
}
$s_imglist = '<option value=""' . (($value == '') ? ' selected="selected"' : '') . '>' . $user->lang['NONE'] . '</option>' . $s_imglist;
$s_imglist = '<option value=""' . (($value == '') ? ' selected="selected"' : '') . '>' . $user->lang['NO_IMAGE'] . '</option>' . $s_imglist;
$template->assign_vars(array(
'S_' . strtoupper($var) => $s_imglist)
@ -1065,7 +1169,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
$s_hidden_fields['cssother'] = implode(' ;; ', $css_elements);
}
unset($imglist, $css_elements);
unset($img_filelist, $css_elements);
}
// else if we are showing raw css or the user submitted data from the simple view
// then we need to turn the given information into raw css
@ -1257,24 +1361,8 @@ pagination_sep = \'{PAGINATION_SEP}\'
// Check to see whether the selected image exists in the table
$valid_name = ($update) ? false : true;
$imglist = array(
'logos' => array(
'site_logo',
),
'buttons' => array(
'btn_post', 'btn_reply', 'btn_locked', 'btn_quote', 'btn_edit', 'btn_delete', 'btn_report', 'btn_post_pm', 'btn_reply_pm', 'btn_profile', 'btn_pm', 'btn_info', 'btn_search', 'btn_email', 'btn_www', 'btn_icq', 'btn_aim', 'btn_yim', 'btn_msnm', 'btn_jabber', 'btn_online', 'btn_offline',
),
'icons' => array(
'icon_unapproved', 'icon_reported', 'icon_attach', 'icon_post', 'icon_post_new', 'icon_post_latest', 'icon_post_newest',),
'forums' => array(
'forum', 'forum_new', 'forum_locked', 'forum_link', 'sub_forum', 'sub_forum_new',),
'folders' => array(
'folder', 'folder_posted', 'folder_new', 'folder_new_posted', 'folder_hot', 'folder_hot_posted', 'folder_hot_new', 'folder_hot_new_posted', 'folder_locked', 'folder_locked_posted', 'folder_locked_new', 'folder_locked_new_posted', 'folder_sticky', 'folder_sticky_posted', 'folder_sticky_new', 'folder_sticky_new_posted', 'folder_announce', 'folder_announce_posted', 'folder_announce_new', 'folder_announce_new_posted',),
'polls' => array(
'poll_left', 'poll_center', 'poll_right',),
);
foreach ($imglist as $category => $img_ary)
foreach ($this->imageset_keys as $category => $img_ary)
{
if (in_array($imgname, $img_ary))
{
@ -1317,11 +1405,12 @@ pagination_sep = \'{PAGINATION_SEP}\'
// Generate list of image options
$img_options = '';
foreach ($imglist as $category => $img_ary)
foreach ($this->imageset_keys as $category => $img_ary)
{
$template->assign_block_vars('category', array(
'NAME' => $user->lang['IMG_CAT_' . strtoupper($category)]
));
foreach ($img_ary as $img)
{
$template->assign_block_vars('category.images', array(
@ -1362,6 +1451,10 @@ pagination_sep = \'{PAGINATION_SEP}\'
}
closedir($dp);
// Make sure the list of possible images is sorted alphabetically
sort($imagesetlist['nolang']);
sort($imagesetlist['lang']);
$imagesetlist_options = '';
foreach ($imagesetlist as $type => $img_ary)
{
@ -1395,7 +1488,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
'IMAGE_OPTIONS' => $img_options,
'IMAGELIST_OPTIONS' => $imagesetlist_options,
'IMAGE_SIZE' => $imgsize_bool,
'IMAGE_REQUEST' => (!empty($imgname)) ? '../styles/' . $imageset_path . '/imageset/' . str_replace('{LANG}', $imglang, $img_info[0]) : '',
'IMAGE_REQUEST' => (!empty($img_info[0])) ? '../styles/' . $imageset_path . '/imageset/' . str_replace('{LANG}', $imglang, $img_info[0]) : '',
'U_ACTION' => $this->u_action . "&amp;action=edit&amp;id=$imageset_id",
'U_BACK' => $this->u_action,
'NAME' => $imageset_name,
@ -1408,7 +1501,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
*/
function remove($mode, $style_id)
{
global $db, $template, $user, $phpbb_root_path, $cache;
global $db, $template, $user, $phpbb_root_path, $cache, $config;
$new_id = request_var('new_id', 0);
$update = (isset($_POST['update'])) ? true : false;
@ -1489,6 +1582,11 @@ pagination_sep = \'{PAGINATION_SEP}\'
SET forum_style = $new_id
WHERE forum_style = $style_id";
$db->sql_query($sql);
if ($style_id == $config['default_style'])
{
set_config('default_style', $new_id);
}
}
else
{
@ -1741,11 +1839,12 @@ pagination_sep = \'{PAGINATION_SEP}\'
{
$imageset_cfg = str_replace(array('{MODE}', '{NAME}', '{COPYRIGHT}', '{VERSION}'), array($mode, $style_row['imageset_name'], $style_row['imageset_copyright'], $config['version']), $this->imageset_cfg);
$imageset_definitions = explode(', ', $this->imageset_keys);
foreach ($imageset_definitions as $key)
foreach ($this->imageset_keys as $topic => $key_array)
{
$imageset_cfg .= "\n" . $key . ' = ' . str_replace("styles/{$style_row['imageset_path']}/imageset/", '{PATH}', $style_row[$key]);
foreach ($key_array as $key)
{
$imageset_cfg .= "\n" . $key . ' = ' . str_replace("styles/{$style_row['imageset_path']}/imageset/", '{PATH}', $style_row[$key]);
}
}
$files[] = array(
@ -1794,7 +1893,14 @@ pagination_sep = \'{PAGINATION_SEP}\'
{
include($phpbb_root_path . 'includes/functions_compress.' . $phpEx);
$path = $style_row[$mode . '_path'];
if ($mode == 'style')
{
$path = preg_replace('#[^\w-]+#', '_', $style_row['style_name']);
}
else
{
$path = $style_row[$mode . '_path'];
}
if ($format == 'zip')
{
@ -2254,7 +2360,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
// heck of a lot of data ...
$sql_ary = array(
'template_id' => $style_id,
'template_filename' => "$template_pathfile$file",
'template_filename' => "$pathfile$file",
'template_included' => (isset($includes[$file])) ? implode(':', $includes[$file]) . ':' : '',
'template_mtime' => filemtime("{$phpbb_root_path}styles/$template_path$pathfile$file"),
'template_data' => file_get_contents("{$phpbb_root_path}styles/$template_path$pathfile$file"),
@ -2581,7 +2687,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
{
$style_row['style_id'] = 0;
$this->install_style($error, 'add', '', $style_row['style_id'], $style_row['style_name'], $style_row['style_copyright'], $style_row['style_active'], $style_row['style_default'], $style_row);
$this->install_style($error, 'add', '', $style_row['style_id'], $style_row['style_name'], '', $style_row['style_copyright'], $style_row['style_active'], $style_row['style_default'], $style_row);
}
if (!sizeof($error))
@ -2867,40 +2973,54 @@ pagination_sep = \'{PAGINATION_SEP}\'
$mode . '_path' => $path,
);
if ($mode != 'imageset')
switch ($mode)
{
switch ($mode)
{
case 'template':
// We set a pre-defined bitfield here which we may use further in 3.2
$sql_ary += array(
'bbcode_bitfield' => TEMPLATE_BITFIELD,
'template_storedb' => $store_db
);
break;
case 'template':
// We set a pre-defined bitfield here which we may use further in 3.2
$sql_ary += array(
'bbcode_bitfield' => TEMPLATE_BITFIELD,
'template_storedb' => $store_db
);
break;
case 'theme':
$sql_ary += array(
'theme_storedb' => $store_db,
'theme_data' => ($store_db) ? (($root_path) ? $this->db_theme_data($sql_ary, false, $root_path) : '') : '',
'theme_mtime' => filemtime("{$phpbb_root_path}styles/$path/theme/stylesheet.css")
);
break;
}
}
else
{
$cfg_data = parse_cfg_file("$root_path$mode/imageset.cfg");
case 'theme':
// We are only interested in the theme configuration for now
$theme_cfg = parse_cfg_file("{$phpbb_root_path}styles/$path/theme/theme.cfg");
foreach ($cfg_data as $key => $value)
{
if (strpos($key, 'img_') === 0)
if (isset($theme_cfg['parse_css_file']) && $theme_cfg['parse_css_file'])
{
$key = substr($key, 4);
$sql_ary[$key] = str_replace('{PATH}', "styles/$path/imageset/", trim($value));
$store_db = 1;
}
}
unset($cfg_data);
$sql_ary += array(
'theme_storedb' => $store_db,
'theme_data' => ($store_db) ? $this->db_theme_data($sql_ary, false, $root_path) : '',
'theme_mtime' => filemtime("{$phpbb_root_path}styles/$path/theme/stylesheet.css")
);
break;
case 'imageset':
$cfg_data = parse_cfg_file("$root_path$mode/imageset.cfg");
$imageset_definitions = array();
foreach ($this->imageset_keys as $topic => $key_array)
{
$imageset_definitions = array_merge($imageset_definitions, $key_array);
}
foreach ($cfg_data as $key => $value)
{
if (strpos($key, 'img_') === 0)
{
$key = substr($key, 4);
if (in_array($key, $imageset_definitions))
{
$sql_ary[$key] = str_replace('{PATH}', "styles/$path/imageset/", trim($value));
}
}
}
unset($cfg_data);
break;
}
$db->sql_transaction('begin');


@ -14,6 +14,12 @@
class acp_users
{
var $u_action;
var $p_master;
function acp_users(&$p_master)
{
$this->p_master = &$p_master;
}
function main($id, $mode)
{
@ -28,7 +34,7 @@ class acp_users
include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
$error = array();
$username = request_var('username', '', true);
$username = request_var('username', '');
$user_id = request_var('u', 0);
$action = request_var('action', '');
@ -114,7 +120,7 @@ class acp_users
foreach ($forms_ary['modes'] as $value => $ary)
{
if (!$this->is_authed($ary['auth']))
if (!$this->p_master->module_auth($ary['auth']))
{
continue;
}
@ -133,7 +139,7 @@ class acp_users
// Prevent normal users/admins change/view founders if they are not a founder by themselves
if ($user->data['user_type'] != USER_FOUNDER && $user_row['user_type'] == USER_FOUNDER)
{
trigger_error($user->lang['NOT_MANAGE_FOUNDER'] . adm_back_link($this->u_action));
trigger_error($user->lang['NOT_MANAGE_FOUNDER'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
}
switch ($mode)
@ -192,6 +198,12 @@ class acp_users
case 'banuser':
case 'banemail':
case 'banip':
if ($user_id == $user->data['user_id'])
{
trigger_error($user->lang['CANNOT_BAN_YOURSELF'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
}
$ban = array();
switch ($action)
@ -238,6 +250,11 @@ class acp_users
case 'reactivate':
if ($user_id == $user->data['user_id'])
{
trigger_error($user->lang['CANNOT_FORCE_REACT_YOURSELF'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
}
if ($config['email_enable'])
{
include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
@ -287,6 +304,12 @@ class acp_users
case 'active':
if ($user_id == $user->data['user_id'])
{
// It is only deactivation since the user is already activated (else he would not have reached this page)
trigger_error($user->lang['CANNOT_DEACTIVATE_YOURSELF'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
}
user_active_flip($user_id, $user_row['user_type'], false, $user_row['username']);
$message = ($user_row['user_type'] == USER_INACTIVE) ? 'USER_ADMIN_ACTIVATED' : 'USER_ADMIN_DEACTIVED';
@ -376,7 +399,7 @@ class acp_users
{
$sql = 'SELECT topic_id, topic_replies, topic_replies_real
FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', array_keys($topic_id_ary)) . ')';
WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
$result = $db->sql_query($sql);
$del_topic_ary = array();
@ -392,7 +415,7 @@ class acp_users
if (sizeof($del_topic_ary))
{
$sql = 'DELETE FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', $del_topic_ary) . ')';
WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary);
$db->sql_query($sql);
}
}
@ -478,7 +501,7 @@ class acp_users
{
$sql = 'SELECT topic_id, forum_id, topic_title, topic_replies, topic_replies_real
FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', array_keys($topic_id_ary)) . ')';
WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -601,8 +624,8 @@ class acp_users
// Validation data
$var_ary = array(
'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
'user_password' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
'warnings' => array('num'),
);
@ -657,9 +680,34 @@ class acp_users
$sql_ary['user_warnings'] = $data['warnings'];
}
if (($user_row['user_type'] == USER_FOUNDER && !$data['user_founder']) || ($user_row['user_type'] != USER_FOUNDER && $data['user_founder']))
// Only allow founders updating the founder status...
if ($user->data['user_type'] == USER_FOUNDER)
{
$sql_ary['user_type'] = ($data['user_founder']) ? USER_FOUNDER : USER_NORMAL;
// Setting a normal member to be a founder
if ($data['user_founder'] && $user_row['user_type'] != USER_FOUNDER)
{
$sql_ary['user_type'] = USER_FOUNDER;
}
else if (!$data['user_founder'] && $user_row['user_type'] == USER_FOUNDER)
{
// Check if at least one founder is present
$sql = 'SELECT user_id
FROM ' . USERS_TABLE . '
WHERE user_type = ' . USER_FOUNDER . '
AND user_id <> ' . $user_id;
$result = $db->sql_query_limit($sql, 1);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row)
{
$sql_ary['user_type'] = USER_NORMAL;
}
else
{
trigger_error($user->lang['AT_LEAST_ONE_FOUNDER'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
}
}
}
}
@ -711,6 +759,9 @@ class acp_users
user_update_name($user_row['username'], $update_username);
}
// Let the users permissions being updated
$auth->acl_clear_prefetch($user_id);
add_log('admin', 'LOG_USER_USER_UPDATE', $data['username']);
trigger_error($user->lang['USER_OVERVIEW_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
@ -721,11 +772,19 @@ class acp_users
}
$user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\w]+' => 'USERNAME_ALPHA_ONLY', '[\w_\+\. \-\[\]]+' => 'USERNAME_ALPHA_SPACERS');
$quick_tool_ary = array('banuser' => 'BAN_USER', 'banemail' => 'BAN_EMAIL', 'banip' => 'BAN_IP', 'active' => (($user_row['user_type'] == USER_INACTIVE) ? 'ACTIVATE' : 'DEACTIVATE'), 'delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH');
if ($config['email_enable'])
if ($user_id == $user->data['user_id'])
{
$quick_tool_ary['reactivate'] = 'FORCE';
$quick_tool_ary = array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH');
}
else
{
$quick_tool_ary = array('banuser' => 'BAN_USER', 'banemail' => 'BAN_EMAIL', 'banip' => 'BAN_IP', 'active' => (($user_row['user_type'] == USER_INACTIVE) ? 'ACTIVATE' : 'DEACTIVATE'), 'delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH');
if ($config['email_enable'])
{
$quick_tool_ary['reactivate'] = 'FORCE';
}
}
$s_action_options = '<option class="sep" value="">' . $user->lang['SELECT_OPTION'] . '</option>';
@ -743,6 +802,7 @@ class acp_users
'S_USER_IP' => ($user_row['user_ip']) ? true : false,
'S_USER_FOUNDER' => ($user_row['user_type'] == USER_FOUNDER) ? true : false,
'S_ACTION_OPTIONS' => $s_action_options,
'S_OWN_ACCOUNT' => ($user_id == $user->data['user_id']) ? true : false,
'U_SHOW_IP' => $this->u_action . "&amp;u=$user_id&amp;ip=" . (($ip == 'ip') ? 'hostname' : 'ip'),
'U_WHOIS' => $this->u_action . "&amp;action=whois&amp;user_ip={$user_row['user_ip']}",
@ -755,6 +815,7 @@ class acp_users
'USER_LASTACTIVE' => ($user_row['user_lastvisit']) ? $user->format_date($user_row['user_lastvisit']) : ' - ',
'USER_EMAIL' => $user_row['user_email'],
'USER_WARNINGS' => $user_row['user_warnings'],
'USER_POSTS' => $user_row['user_posts'],
)
);
@ -787,7 +848,7 @@ class acp_users
{
$sql_in[] = $mark;
}
$where_sql = ' AND log_id IN (' . implode(', ', $sql_in) . ')';
$where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
unset($sql_in);
}
@ -813,7 +874,7 @@ class acp_users
// Sorting
$limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
$sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']);
$sort_by_sql = array('u' => 'l.user_id', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation');
$sort_by_sql = array('u' => 'l.username', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation');
$s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
@ -943,6 +1004,34 @@ class acp_users
// Update Custom Fields
if (sizeof($cp_data))
{
switch (SQL_LAYER)
{
case 'oracle':
case 'firebird':
case 'postgres':
$right_delim = $left_delim = '"';
break;
case 'sqlite':
case 'mssql':
case 'mssql_odbc':
$right_delim = ']';
$left_delim = '[';
break;
case 'mysql':
case 'mysql4':
case 'mysqli':
$right_delim = $left_delim = '`';
break;
}
foreach ($cp_data as $key => $value)
{
$cp_data[$right_delim . $key . $left_delim] = $value;
unset($cp_data[$key]);
}
$sql = 'UPDATE ' . PROFILE_FIELDS_DATA_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $cp_data) . "
WHERE user_id = $user_id";
@ -1077,7 +1166,7 @@ class acp_users
$var_ary = array(
'dateformat' => array('string', false, 3, 30),
'lang' => array('match', false, '#^[a-z_]{2,}$#i'),
'lang' => array('match', false, '#^[a-z_\-]{2,}$#i'),
'tz' => array('num', false, -14, 14),
'topic_sk' => array('string', false, 1, 1),
@ -1252,7 +1341,7 @@ class acp_users
'S_LANG_OPTIONS' => language_select($lang),
'S_STYLE_OPTIONS' => style_select($style),
'S_TZ_OPTIONS' => tz_select($tz),
'S_TZ_OPTIONS' => tz_select($tz, true),
)
);
@ -1449,6 +1538,7 @@ class acp_users
case 'sig':
include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
include_once($phpbb_root_path . 'includes/functions_display.' . $phpEx);
$enable_bbcode = ($config['allow_sig_bbcode']) ? request_var('enable_bbcode', $this->optionget($user_row, 'bbcode')) : false;
$enable_smilies = ($config['allow_sig_smilies']) ? request_var('enable_smilies', $this->optionget($user_row, 'smilies')) : false;
@ -1520,9 +1610,14 @@ class acp_users
'L_SIGNATURE_EXPLAIN' => sprintf($user->lang['SIGNATURE_EXPLAIN'], $config['max_sig_chars']),
'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'],
'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'],)
'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'],
'S_BBCODE_IMG' => ($config['allow_sig_img']) ? true : false,
'S_BBCODE_FLASH' => ($config['allow_sig_flash']) ? true : false)
);
// Assigning custom bbcodes
display_custom_bbcodes();
break;
case 'attach':
@ -1541,7 +1636,7 @@ class acp_users
{
$sql = 'SELECT real_filename
FROM ' . ATTACHMENTS_TABLE . '
WHERE attach_id IN (' . implode(', ', $marked) . ')';
WHERE ' . $db->sql_in_set('attach_id', $marked);
$result = $db->sql_query($sql);
$log_attachments = array();
@ -1623,7 +1718,7 @@ class acp_users
$template->assign_block_vars('attach', array(
'REAL_FILENAME' => $row['real_filename'],
'COMMENT' => nl2br($row['comment']),
'COMMENT' => nl2br($row['attach_comment']),
'EXTENSION' => $row['extension'],
'SIZE' => ($row['filesize'] >= 1048576) ? ($row['filesize'] >> 20) . ' ' . $user->lang['MB'] : (($row['filesize'] >= 1024) ? ($row['filesize'] >> 10) . ' ' . $user->lang['KB'] : $row['filesize'] . ' ' . $user->lang['BYTES']),
'DOWNLOAD_COUNT' => $row['download_count'],
@ -1745,14 +1840,14 @@ class acp_users
// Select box for other groups
$sql = 'SELECT group_id, group_name, group_type
FROM ' . GROUPS_TABLE . '
' . ((sizeof($id_ary)) ? 'WHERE group_id NOT IN (' . implode(', ', $id_ary) . ')' : '') . '
' . ((sizeof($id_ary)) ? 'WHERE ' . $db->sql_in_set('group_id', $id_ary, true) : '') . '
ORDER BY group_type DESC, group_name ASC';
$result = $db->sql_query($sql);
$s_group_options = '';
while ($row = $db->sql_fetchrow($result))
{
if ($config['coppa_hide_groups'] && in_array($row['group_name'], array('INACTIVE_COPPA', 'REGISTERED_COPPA')))
if (!$config['coppa_enable'] && in_array($row['group_name'], array('INACTIVE_COPPA', 'REGISTERED_COPPA')))
{
continue;
}
@ -1809,28 +1904,40 @@ class acp_users
// Select auth options
$sql = 'SELECT auth_option, is_local, is_global
FROM ' . ACL_OPTIONS_TABLE . "
WHERE auth_option LIKE '%\_'
AND is_global = 1
ORDER BY auth_option";
WHERE auth_option LIKE '%\_'";
if (SQL_LAYER == 'mssql' || SQL_LAYER == 'mssql_odbc')
{
$sql .= " ESCAPE '\\'";
}
$sql .= 'AND is_global = 1
ORDER BY auth_option';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'global', ACL_NO);
$hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'global', ACL_NEVER);
$auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', false, false);
}
$db->sql_freeresult($result);
$sql = 'SELECT auth_option, is_local, is_global
FROM ' . ACL_OPTIONS_TABLE . "
WHERE auth_option LIKE '%\_'
AND is_local = 1
ORDER BY is_global DESC, auth_option";
WHERE auth_option LIKE '%\_'";
if (SQL_LAYER == 'mssql' || SQL_LAYER == 'mssql_odbc')
{
$sql .= " ESCAPE '\\'";
}
$sql .= 'AND is_local = 1
ORDER BY is_global DESC, auth_option';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'local', ACL_NO);
$hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'local', ACL_NEVER);
$auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', true, false);
}
$db->sql_freeresult($result);
@ -1895,26 +2002,6 @@ class acp_users
$var = ($data) ? $data : $user_row['user_options'];
return ($var & 1 << $user->keyoptions[$key]) ? true : false;
}
/**
* Check if user is allowed to call this user mode
*/
function is_authed($module_auth)
{
global $config, $auth;
$module_auth = trim($module_auth);
if (!$module_auth)
{
return true;
}
$is_auth = false;
eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z_]+)(,\$id)?#', '#\$id#', '#cfg_([a-z_]+)#'), array('(int) $auth->acl_get("\\1"\\2)', 'true', '(int) $config["\\1"]'), $module_auth) . ');');
return $is_auth;
}
}
?>
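Review bot: In the custom-profile-field update hunk (`@ -943,6 +1004,34`), the quoted column name is built as `$cp_data[$right_delim . $key . $left_delim]`, so in the sqlite/mssql/mssql_odbc branch, where `$right_delim = ']'` and `$left_delim = '['`, the key becomes `]name[` instead of `[name]`; the other branches use one character for both sides, which hides the swap. The line should read `$cp_data[$left_delim . $key . $right_delim] = $value;`. The switch also has no `default` branch, so a SQL_LAYER that is not listed leaves both variables undefined when the loop runs. Because these keys go into the UPDATE as identifiers, wrapping alone does not neutralise a delimiter character inside `$key`, so it is worth confirming where `$cp_data` is filled (outside this hunk) that field names are limited to a safe character set. The enclosing method starts and ends outside the hunk.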


@ -81,9 +81,9 @@ class auth_admin extends auth
* @param mixed $forum_id forum_ids to search for. Defining a forum id also means getting local settings
* @param string $auth_option the auth_option defines the permission setting to look for (a_ for example)
* @param local|global $scope the scope defines the permission scope. If local, a forum_id is additionally required
* @param ACL_NO|ACL_UNSET|ACL_YES $acl_fill defines the mode those permissions not set are getting filled with
* @param ACL_NEVER|ACL_NO|ACL_YES $acl_fill defines the mode those permissions not set are getting filled with
*/
function get_mask($mode, $user_id = false, $group_id = false, $forum_id = false, $auth_option = false, $scope = false, $acl_fill = ACL_NO)
function get_mask($mode, $user_id = false, $group_id = false, $forum_id = false, $auth_option = false, $scope = false, $acl_fill = ACL_NEVER)
{
global $db, $user;
@ -136,7 +136,7 @@ class auth_admin extends auth
$sql = 'SELECT user_id, user_permissions, user_type
FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(',', $ug_id) . ')';
WHERE ' . $db->sql_in_set('user_id', $ug_id);
$result = $db->sql_query($sql);
while ($userdata = $db->sql_fetchrow($result))
@ -292,14 +292,14 @@ class auth_admin extends auth
{
$sql = 'SELECT user_id as ug_id, username as ug_name
FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', array_keys($hold_ary)) . ')
WHERE ' . $db->sql_in_set('user_id', array_keys($hold_ary)) . '
ORDER BY username ASC';
}
else
{
$sql = 'SELECT group_id as ug_id, group_name as ug_name, group_type
FROM ' . GROUPS_TABLE . '
WHERE group_id IN (' . implode(', ', array_keys($hold_ary)) . ')
WHERE ' . $db->sql_in_set('group_id', array_keys($hold_ary)) . '
ORDER BY group_type DESC, group_name ASC';
}
$result = $db->sql_query($sql);
@ -322,7 +322,7 @@ class auth_admin extends auth
$forum_names_ary = array();
if ($local)
{
$forum_names_ary = make_forum_select(false, false, true, false, false, true);
$forum_names_ary = make_forum_select(false, false, true, false, false, false, true);
}
else
{
@ -361,7 +361,7 @@ class auth_admin extends auth
$sql = 'SELECT r.role_id, o.auth_option, r.auth_setting
FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o
WHERE o.auth_option_id = r.auth_option_id
AND r.role_id IN (' . implode(', ', array_keys($roles)) . ')';
AND ' . $db->sql_in_set('r.role_id', array_keys($roles));
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -584,7 +584,7 @@ class auth_admin extends auth
// Get forum names
$sql = 'SELECT forum_id, forum_name
FROM ' . FORUMS_TABLE . '
WHERE forum_id IN (' . implode(', ', array_keys($hold_ary)) . ')';
WHERE ' . $db->sql_in_set('forum_id', array_keys($hold_ary));
$result = $db->sql_query($sql);
$forum_names = array();
@ -605,7 +605,7 @@ class auth_admin extends auth
{
$sql = 'SELECT user_id, username
FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', $auth_ary['users']) . ')
WHERE ' . $db->sql_in_set('user_id', $auth_ary['users']) . '
ORDER BY username';
$result = $db->sql_query($sql);
@ -624,7 +624,7 @@ class auth_admin extends auth
{
$sql = 'SELECT group_id, group_name, group_type
FROM ' . GROUPS_TABLE . '
WHERE group_id IN (' . implode(', ', $auth_ary['groups']) . ')
WHERE ' . $db->sql_in_set('group_id', $auth_ary['groups']) . '
ORDER BY group_type ASC, group_name';
$result = $db->sql_query($sql);
@ -768,12 +768,12 @@ class auth_admin extends auth
$ug_id = array($ug_id);
}
$ug_id_sql = 'IN (' . implode(', ', array_map('intval', $ug_id)) . ')';
$forum_sql = 'IN (' . implode(', ', array_map('intval', $forum_id)) . ') ';
$ug_id_sql = $db->sql_in_set($ug_type . '_id', array_map('intval', $ug_id));
$forum_sql = $db->sql_in_set('forum_id', array_map('intval', $forum_id));
// Instead of updating, inserting, removing we just remove all current settings and re-set everything...
$table = ($ug_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE;
$id_field = $ug_type . '_id';
$id_field = $ug_type . '_id';
// Get any flags as required
reset($auth);
@ -797,8 +797,8 @@ class auth_admin extends auth
}
$sql = "DELETE FROM $table
WHERE forum_id $forum_sql
AND $id_field $ug_id_sql
WHERE $forum_sql
AND $ug_id_sql
AND auth_option_id IN ($any_option_id, " . implode(', ', $auth_option_ids) . ')';
$db->sql_query($sql);
@ -818,17 +818,17 @@ class auth_admin extends auth
if (sizeof($role_ids))
{
$sql = "DELETE FROM $table
WHERE forum_id $forum_sql
AND $id_field $ug_id_sql
WHERE $forum_sql
AND $ug_id_sql
AND auth_option_id = 0
AND auth_role_id IN (" . implode(', ', $role_ids) . ')';
AND " . $db->sql_in_set('auth_role_id', $role_ids);
$db->sql_query($sql);
}
// Ok, include the any-flag if one or more auth options are set to yes...
foreach ($auth as $auth_option => $setting)
{
if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NO))
if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NEVER))
{
$auth[$flag] = ACL_YES;
}
@ -858,7 +858,7 @@ class auth_admin extends auth
{
$auth_option_id = (int) $this->option_ids[$auth_option];
if ($setting != ACL_UNSET)
if ($setting != ACL_NO)
{
foreach ($ug_id as $id)
{
@ -920,7 +920,7 @@ class auth_admin extends auth
// Re-set any flag...
foreach ($auth as $auth_option => $setting)
{
if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NO))
if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NEVER))
{
$auth[$flag] = ACL_YES;
}
@ -931,7 +931,7 @@ class auth_admin extends auth
{
$auth_option_id = (int) $this->option_ids[$auth_option];
if ($setting != ACL_UNSET)
if ($setting != ACL_NO)
{
$sql_ary[] = array(
'role_id' => (int) $role_id,
@ -941,13 +941,13 @@ class auth_admin extends auth
}
}
// If no data is there, we set the any-flag to ACL_NO...
// If no data is there, we set the any-flag to ACL_NEVER...
if (!sizeof($sql_ary))
{
$sql_ary[] = array(
'role_id' => (int) $role_id,
'auth_option_id' => $this->option_ids[$flag],
'auth_setting' => ACL_NO
'auth_setting' => ACL_NEVER
);
}
@ -995,12 +995,12 @@ class auth_admin extends auth
if ($forum_id !== false)
{
$where_sql[] = (!is_array($forum_id)) ? 'forum_id = ' . (int) $forum_id : 'forum_id IN (' . implode(', ', array_map('intval', $forum_id)) . ')';
$where_sql[] = (!is_array($forum_id)) ? 'forum_id = ' . (int) $forum_id : $db->sql_in_set('forum_id', array_map('intval', $forum_id));
}
if ($ug_id !== false)
{
$where_sql[] = (!is_array($ug_id)) ? $id_field . ' = ' . (int) $ug_id : $id_field . ' IN (' . implode(', ', array_map('intval', $ug_id)) . ')';
$where_sql[] = (!is_array($ug_id)) ? $id_field . ' = ' . (int) $ug_id : $db->sql_in_set($id_field, array_map('intval', $ug_id));
}
// There seem to be auth options involved, therefore we need to go through the list and make sure we capture roles correctly
@ -1016,7 +1016,7 @@ class auth_admin extends auth
while ($row = $db->sql_fetchrow($result))
{
$option_id_ary[] = $row['auth_option_id'];
$auth_id_ary[$row['auth_option']] = ACL_UNSET;
$auth_id_ary[$row['auth_option']] = ACL_NO;
}
$db->sql_freeresult($result);
@ -1043,7 +1043,7 @@ class auth_admin extends auth
$sql = 'SELECT ao.auth_option, rd.role_id, rd.auth_setting
FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_ROLES_DATA_TABLE . ' rd
WHERE ao.auth_option_id = rd.auth_option_id
AND rd.role_id IN (' . implode(', ', array_keys($cur_role_auth)) . ')';
AND ' . $db->sql_in_set('rd.role_id', array_keys($cur_role_auth));
$result = $db->sql_query($sql);
$auth_settings = array();
@ -1072,7 +1072,7 @@ class auth_admin extends auth
// Now, normally remove permissions...
if ($permission_type !== false)
{
$where_sql[] = 'auth_option_id IN (' . implode(', ', array_map('intval', $option_id_ary)) . ')';
$where_sql[] = $db->sql_in_set('auth_option_id', array_map('intval', $option_id_ary));
}
$sql = "DELETE FROM $table
@ -1093,9 +1093,9 @@ class auth_admin extends auth
foreach ($category_array as $cat => $cat_array)
{
$template->assign_block_vars($tpl_cat, array(
'S_YES' => ($cat_array['S_YES'] && !$cat_array['S_NO'] && !$cat_array['S_UNSET']) ? true : false,
'S_NO' => ($cat_array['S_NO'] && !$cat_array['S_YES'] && !$cat_array['S_UNSET']) ? true : false,
'S_UNSET' => ($cat_array['S_UNSET'] && !$cat_array['S_NO'] && !$cat_array['S_YES']) ? true : false,
'S_YES' => ($cat_array['S_YES'] && !$cat_array['S_NEVER'] && !$cat_array['S_NO']) ? true : false,
'S_NEVER' => ($cat_array['S_NEVER'] && !$cat_array['S_YES'] && !$cat_array['S_NO']) ? true : false,
'S_NO' => ($cat_array['S_NO'] && !$cat_array['S_NEVER'] && !$cat_array['S_YES']) ? true : false,
'CAT_NAME' => $user->lang['permission_cat'][$cat])
);
@ -1104,8 +1104,8 @@ class auth_admin extends auth
{
$template->assign_block_vars($tpl_cat . '.' . $tpl_mask, array(
'S_YES' => ($allowed == ACL_YES) ? true : false,
'S_NEVER' => ($allowed == ACL_NEVER) ? true : false,
'S_NO' => ($allowed == ACL_NO) ? true : false,
'S_UNSET' => ($allowed == ACL_UNSET) ? true : false,
'UG_ID' => $ug_id,
'FORUM_ID' => $forum_id,
@ -1166,15 +1166,15 @@ class auth_admin extends auth
{
$content_array[$forum_id][$cat] = array(
'S_YES' => false,
'S_NEVER' => false,
'S_NO' => false,
'S_UNSET' => false,
'permissions' => array(),
);
}
$content_array[$forum_id][$cat]['S_YES'] |= ($auth_setting == ACL_YES) ? true : false;
$content_array[$forum_id][$cat]['S_NEVER'] |= ($auth_setting == ACL_NEVER) ? true : false;
$content_array[$forum_id][$cat]['S_NO'] |= ($auth_setting == ACL_NO) ? true : false;
$content_array[$forum_id][$cat]['S_UNSET'] |= ($auth_setting == ACL_UNSET) ? true : false;
$content_array[$forum_id][$cat]['permissions'][$permission] = $auth_setting;
}
@ -1211,7 +1211,7 @@ class auth_admin extends auth
{
if (strpos($opt, 'a_') === 0)
{
$hold_ary[0][$opt] = ACL_NO;
$hold_ary[0][$opt] = ACL_NEVER;
}
}


@ -27,7 +27,6 @@ class acp_board_info
'post' => array('title' => 'ACP_POST_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),
'signature' => array('title' => 'ACP_SIGNATURE_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),
'registration' => array('title' => 'ACP_REGISTER_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),
'visual' => array('title' => 'ACP_VC_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),
'auth' => array('title' => 'ACP_AUTH_SETTINGS', 'auth' => 'acl_a_server', 'cat' => array('ACP_CLIENT_COMMUNICATION')),
'email' => array('title' => 'ACP_EMAIL_SETTINGS', 'auth' => 'acl_a_server', 'cat' => array('ACP_CLIENT_COMMUNICATION')),


@ -0,0 +1,38 @@
<?php
/**
*
* @package acp
* @version $Id$
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
/**
* @package module_install
*/
class acp_captcha_info
{
function module()
{
return array(
'filename' => 'acp_captcha',
'title' => 'ACP_CAPTCHA',
'version' => '1.0.0',
'modes' => array(
'visual' => array('title' => 'ACP_VC_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),
'img' => array('title' => 'ACP_VC_CAPTCHA_DISPLAY', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION'), 'display' => false)
),
);
}
function install()
{
}
function uninstall()
{
}
}
?>


@ -20,10 +20,10 @@ class acp_permission_roles_info
'title' => 'ACP_PERMISSION_ROLES',
'version' => '1.0.0',
'modes' => array(
'admin_roles' => array('title' => 'ACP_ADMIN_ROLES', 'auth' => 'acl_a_roles', 'cat' => array('ACP_PERMISSION_ROLES')),
'user_roles' => array('title' => 'ACP_USER_ROLES', 'auth' => 'acl_a_roles', 'cat' => array('ACP_PERMISSION_ROLES')),
'mod_roles' => array('title' => 'ACP_MOD_ROLES', 'auth' => 'acl_a_roles', 'cat' => array('ACP_PERMISSION_ROLES')),
'forum_roles' => array('title' => 'ACP_FORUM_ROLES', 'auth' => 'acl_a_roles', 'cat' => array('ACP_PERMISSION_ROLES')),
'admin_roles' => array('title' => 'ACP_ADMIN_ROLES', 'auth' => 'acl_a_roles && acl_a_aauth', 'cat' => array('ACP_PERMISSION_ROLES')),
'user_roles' => array('title' => 'ACP_USER_ROLES', 'auth' => 'acl_a_roles && acl_a_uauth', 'cat' => array('ACP_PERMISSION_ROLES')),
'mod_roles' => array('title' => 'ACP_MOD_ROLES', 'auth' => 'acl_a_roles && acl_a_mauth', 'cat' => array('ACP_PERMISSION_ROLES')),
'forum_roles' => array('title' => 'ACP_FORUM_ROLES', 'auth' => 'acl_a_roles && acl_a_fauth', 'cat' => array('ACP_PERMISSION_ROLES')),
),
);
}


@ -161,7 +161,7 @@ class auth
if (sizeof($this->acl))
{
$sql .= ' WHERE forum_id NOT IN (' . implode(', ', array_keys($this->acl)) . ')';
$sql .= ' WHERE ' . $db->sql_in_set('forum_id', array_keys($this->acl), true);
}
$result = $db->sql_query($sql);
@ -378,14 +378,14 @@ class auth
// If one option is allowed, the global permission for this option has to be allowed too
// example: if the user has the a_ permission this means he has one or more a_* permissions
if ($auth_ary[$opt] == ACL_YES && (!isset($bitstring[$this->acl_options[$ary_key][$option_key]]) || $bitstring[$this->acl_options[$ary_key][$option_key]] == ACL_NO))
if ($auth_ary[$opt] == ACL_YES && (!isset($bitstring[$this->acl_options[$ary_key][$option_key]]) || $bitstring[$this->acl_options[$ary_key][$option_key]] == ACL_NEVER))
{
$bitstring[$this->acl_options[$ary_key][$option_key]] = ACL_YES;
}
}
else
{
$bitstring[$id] = ACL_NO;
$bitstring[$id] = ACL_NEVER;
}
}
@ -418,7 +418,13 @@ class auth
{
global $db;
$where_sql = ($user_id !== false) ? ' WHERE user_id ' . ((is_array($user_id)) ? ' IN (' . implode(', ', array_map('intval', $user_id)) . ')' : " = $user_id") : '';
$where_sql = '';
if ($user_id !== false)
{
$user_id = (!is_array($user_id)) ? $user_id = array((int) $user_id) : array_map('intval', $user_id);
$where_sql = ' WHERE ' . $db->sql_in_set('user_id', $user_id);
}
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_permissions = '',
@ -440,8 +446,8 @@ class auth
$sql_id = ($user_type == 'user') ? 'user_id' : 'group_id';
$sql_ug = ($ug_id !== false) ? ((!is_array($ug_id)) ? "AND a.$sql_id = $ug_id" : "AND a.$sql_id IN (" . implode(', ', $ug_id) . ')') : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : '';
$sql_ug = ($ug_id !== false) ? ((!is_array($ug_id)) ? "AND a.$sql_id = $ug_id" : 'AND ' . $db->sql_in_set("a.$sql_id", $ug_id)) : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
// Grab assigned roles...
$sql = 'SELECT a.auth_role_id, a.' . $sql_id . ', a.forum_id
@ -469,8 +475,8 @@ class auth
{
global $db;
$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : 'user_id IN (' . implode(', ', $user_id) . ')') : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : '';
$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
$sql_opts = '';
@ -482,14 +488,14 @@ class auth
}
else
{
$sql_opts = 'AND ao.auth_option IN (' . implode(', ', preg_replace('#^\s*(.*)\s*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $opts)) . ')';
$sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts);
}
}
$hold_ary = array();
// First grab user settings ... each user has only one setting for each
// option ... so we shouldn't need any ACL_NO checks ... he says ...
// option ... so we shouldn't need any ACL_NEVER checks ... he says ...
// Grab assigned roles...
$sql = $db->sql_build_query('SELECT', array(
'SELECT' => 'ao.auth_option, a.auth_role_id, r.auth_setting as role_auth_setting, a.user_id, a.forum_id, a.auth_setting',
@ -522,7 +528,7 @@ class auth
}
$db->sql_freeresult($result);
// Now grab group settings ... ACL_NO overrides ACL_YES so act appropriatley
// Now grab group settings ... ACL_NEVER overrides ACL_YES so act appropriatley
$sql = $db->sql_build_query('SELECT', array(
'SELECT' => 'ug.user_id, ao.auth_option, a.forum_id, a.auth_setting, a.auth_role_id, r.auth_setting as role_auth_setting',
@ -552,13 +558,13 @@ class auth
while ($row = $db->sql_fetchrow($result))
{
if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) && $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] != ACL_NO))
if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) && $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] != ACL_NEVER))
{
$setting = ($row['auth_role_id']) ? $row['role_auth_setting'] : $row['auth_setting'];
$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $setting;
// Check for existence of ACL_YES if an option got set to NO
if ($setting == ACL_NO)
// Check for existence of ACL_YES if an option got set to ACL_NEVER
if ($setting == ACL_NEVER)
{
$flag = substr($row['auth_option'], 0, strpos($row['auth_option'], '_') + 1);
@ -586,8 +592,8 @@ class auth
{
global $db;
$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : 'user_id IN (' . implode(', ', $user_id) . ')') : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : '';
$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
$sql_opts = '';
@ -599,7 +605,7 @@ class auth
}
else
{
$sql_opts = 'AND ao.auth_option IN (' . implode(', ', preg_replace('#^\s*(.*)\s*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $opts)) . ')';
$sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts);
}
}
@ -647,8 +653,8 @@ class auth
{
global $db;
$sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? "group_id = $group_id" : 'group_id IN (' . implode(', ', $group_id) . ')') : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : '';
$sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? "group_id = $group_id" : $db->sql_in_set('group_id', $group_id)) : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
if ($opts !== false)
{
@ -658,7 +664,7 @@ class auth
}
else
{
$sql_opts = 'AND ao.auth_option IN (' . implode(', ', preg_replace('#^\s*(.*)\s*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $opts)) . ')';
$sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts);
}
}
@ -707,40 +713,70 @@ class auth
global $config, $db, $user, $phpbb_root_path, $phpEx;
$method = trim(basename($config['auth_method']));
include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
if (file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
$method = 'login_' . $method;
if (function_exists($method))
{
include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
$login = $method($username, $password);
$method = 'login_' . $method;
if (function_exists($method))
// If the auth module wants us to create an empty profile do so and then treat the status as LOGIN_SUCCESS
if ($login['status'] == LOGIN_SUCCESS_CREATE_PROFILE)
{
$login = $method($username, $password);
// If login succeeded, we will log the user in... else we pass the login array through...
if ($login['status'] == LOGIN_SUCCESS)
// we are going to use the user_add function so include functions_user.php if it wasn't defined yet
if (!function_exists('user_add'))
{
$result = $user->session_create($login['user_row']['user_id'], $admin, $autologin, $viewonline);
include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
}
// Successful session creation
if ($result === true)
{
return array(
'status' => LOGIN_SUCCESS,
'error_msg' => false,
'user_row' => $login['user_row'],
);
}
user_add($login['user_row'], (isset($login['cp_data'])) ? $login['cp_data'] : false);
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
WHERE username = '" . $db->sql_escape($username) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$row)
{
return array(
'status' => LOGIN_BREAK,
'error_msg' => $result,
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
'error_msg' => 'AUTH_NO_PROFILE_CREATED',
'user_row' => array('user_id' => ANONYMOUS),
);
}
$login = array(
'status' => LOGIN_SUCCESS,
'error_msg' => false,
'user_row' => $row,
);
}
// If login succeeded, we will log the user in... else we pass the login array through...
if ($login['status'] == LOGIN_SUCCESS)
{
$result = $user->session_create($login['user_row']['user_id'], $admin, $autologin, $viewonline);
// Successful session creation
if ($result === true)
{
return array(
'status' => LOGIN_SUCCESS,
'error_msg' => false,
'user_row' => $login['user_row'],
);
}
return $login;
return array(
'status' => LOGIN_BREAK,
'error_msg' => $result,
'user_row' => $login['user_row'],
);
}
return $login;
}
trigger_error('Authentication method not found', E_USER_ERROR);
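Review bot: The single-value branches of `$sql_ug`, `$sql_forum`, `$sql_user` and `$sql_group` (hunks at -440, -469, -586 and -647) still interpolate the id into the query text, e.g. `"AND a.forum_id = $forum_id"`, and the array branches hand the caller's array to `$db->sql_in_set()` without the `array_map('intval', …)` that the -418 hunk applies to `$user_id`. Casting in both branches keeps the query well-formed even if a caller passes a request value through unchanged: `'AND a.forum_id = ' . (int) $forum_id` and `$db->sql_in_set('a.forum_id', array_map('intval', $forum_id))`. The enclosing functions begin and end outside these hunks, so whether every caller already casts is not visible here. In the -418 hunk the inner assignment in `$user_id = (!is_array($user_id)) ? $user_id = array((int) $user_id) : …` is redundant and can be dropped.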


@ -4,13 +4,6 @@
*
* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
*
* This is for initial authentication via Apaches basic realm authentication methods,
* user data is then obtained from the integrated user table
*
* You can do any kind of checking you like here ... the return data format is
* either the resulting row of user information, an integer zero (indicating an
* inactive user) or some error string
*
* @package login
* @version $Id$
* @copyright (c) 2005 phpBB Group
@ -18,6 +11,24 @@
*
*/
/**
* Checks whether the user is identified to apache
* Only allow changing authentication to apache if the user is identified
* Called in acp_board while setting authentication plugins
*
* @return boolean|string false if the user is identified and else an error message
*/
function init_apache()
{
global $user;
if (!isset($_SERVER['PHP_AUTH_USER']) || $user->data['username'] !== $_SERVER['PHP_AUTH_USER'])
{
return $user->lang['APACHE_SETUP_BEFORE_USE'];
}
return false;
}
/**
* Login function
*/
@ -25,11 +36,29 @@ function login_apache(&$username, &$password)
{
global $db;
if (!isset($_SERVER['PHP_AUTH_USER']))
{
return array(
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
'user_row' => array('user_id' => ANONYMOUS),
);
}
$php_auth_user = $_SERVER['PHP_AUTH_USER'];
$php_auth_pw = $_SERVER['PHP_AUTH_PW'];
if (!empty($php_auth_user) && !empty($php_auth_pw))
{
if ($php_auth_user !== $username)
{
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
@ -57,11 +86,11 @@ function login_apache(&$username, &$password)
);
}
// the user does not exist
// this is the user's first login so create an empty profile
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
'status' => LOGIN_SUCCESS_CREATE_PROFILE,
'error_msg' => false,
'user_row' => user_row_apache($php_auth_user, $php_auth_pw),
);
}
@ -82,11 +111,19 @@ function autologin_apache()
{
global $db;
if (!isset($_SERVER['PHP_AUTH_USER']))
{
return array();
}
$php_auth_user = $_SERVER['PHP_AUTH_USER'];
$php_auth_pw = $_SERVER['PHP_AUTH_PW'];
if (!empty($php_auth_user) && !empty($php_auth_pw))
{
set_var($php_auth_user, $php_auth_user, 'string');
set_var($php_auth_pw, $php_auth_pw, 'string');
$sql = 'SELECT *
FROM ' . USERS_TABLE . "
WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
@ -98,11 +135,57 @@ function autologin_apache()
{
return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row;
}
// create the user if he does not exist yet
user_add(user_row_apache($php_auth_user, $php_auth_pw));
$sql = 'SELECT *
FROM ' . USERS_TABLE . "
WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row)
{
return $row;
}
}
return array();
}
/**
* This function generates an array which can be passed to the user_add function in order to create a user
*/
function user_row_apache($username, $password)
{
global $db, $config, $user;
// first retrieve default group id
$sql = 'SELECT group_id
FROM ' . GROUPS_TABLE . "
WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
AND group_type = " . GROUP_SPECIAL;
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$row)
{
trigger_error('NO_GROUP');
}
// generate user account data
return array(
'username' => $username,
'user_password' => $password,
'user_email' => '',
'group_id' => (int) $row['group_id'],
'user_type' => USER_NORMAL,
'user_ip' => $user->ip,
);
}
/**
* The session validation function checks whether the user is still logged in
*
@ -110,7 +193,15 @@ function autologin_apache()
*/
function validate_session_apache(&$user)
{
return ($_SERVER['PHP_AUTH_USER'] === $user['username']) ? true : false;
if (!isset($_SERVER['PHP_AUTH_USER']))
{
return false;
}
$php_auth_user = '';
set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string');
return ($php_auth_user === $user['username']) ? true : false;
}
?>
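Review bot: `user_row_apache()` copies the HTTP Basic password into `'user_password'` as received, and both `login_apache()` (through `LOGIN_SUCCESS_CREATE_PROFILE`) and `autologin_apache()` pass that row on to `user_add()`; nothing in this section shows the value being hashed, so the web-server credential may end up stored as entered. If `user_add()` does not hash it, hash the value before building the row, or store a value that cannot be used to log in. `autologin_apache()` also calls `user_add()` without the `if (!function_exists('user_add'))` include guard that the login path in the auth class adds, and `$_SERVER['PHP_AUTH_PW']` is read after only `PHP_AUTH_USER` has been checked with `isset()`. The bodies of `login_apache()` and `autologin_apache()` are only partly visible in these hunks.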


@ -6,10 +6,6 @@
*
* This is for authentication via the integrated user table
*
* You can do any kind of checking you like here ... the return data format is
* either the resulting row of user information, an integer zero (indicating an
* inactive user) or some error string
*
* @package login
* @version $Id$
* @copyright (c) 2005 phpBB Group


@ -5,13 +5,6 @@
*
* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
*
* This is for initial authentication via an LDAP server, user information is then
* obtained from the integrated user table
*
* You can do any kind of checking you like here ... the return data format is
* either the resulting row of user information, an integer zero (indicating an
* inactive user) or some error string
*
* @package login
* @version $Id$
* @copyright (c) 2005 phpBB Group
@ -39,9 +32,17 @@ function init_ldap()
}
@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
@ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
// ldap_connect only checks whether the specified server is valid, so the connection might still fail
$search = @ldap_search($ldap, $config['ldap_base_dn'], $config['ldap_uid'] . '=' . $user->data['username'], array($config['ldap_uid']));
$search = @ldap_search(
$ldap,
$config['ldap_base_dn'],
'(' . $config['ldap_uid'] . '=' . ldap_escape(html_entity_decode($user->data['username'])) . ')',
(empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']),
0,
1
);
if ($search === false)
{
@ -52,12 +53,18 @@ function init_ldap()
@ldap_close($ldap);
if (is_array($result) && sizeof($result) > 1)
if (!is_array($result) || sizeof($result) < 2)
{
return false;
return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']);
}
return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']);
if (!empty($config['ldap_email']) && !isset($result[0][$config['ldap_email']]))
{
return $user->lang['LDAP_NO_EMAIL'];
}
return false;
}
/**
@ -65,7 +72,7 @@ function init_ldap()
*/
function login_ldap(&$username, &$password)
{
global $db, $config;
global $db, $config, $user;
if (!@extension_loaded('ldap'))
{
@ -86,13 +93,22 @@ function login_ldap(&$username, &$password)
}
@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
@ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
$search = @ldap_search($ldap, $config['ldap_base_dn'], $config['ldap_uid'] . '=' . $username, array($config['ldap_uid']));
$result = @ldap_get_entries($ldap, $search);
$search = @ldap_search(
$ldap,
$config['ldap_base_dn'],
'(' . $config['ldap_uid'] . '=' . ldap_escape(html_entity_decode($username)) . ')',
(empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']),
0,
1
);
if (is_array($result) && sizeof($result) > 1)
$ldap_result = @ldap_get_entries($ldap, $search);
if (is_array($ldap_result) && sizeof($ldap_result) > 1)
{
if (@ldap_bind($ldap, $result[0]['dn'], $password))
if (@ldap_bind($ldap, $ldap_result[0]['dn'], html_entity_decode($password)))
{
@ldap_close($ldap);
@ -105,6 +121,8 @@ function login_ldap(&$username, &$password)
if ($row)
{
unset($ldap_result);
// User inactive...
if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
{
@ -122,9 +140,45 @@ function login_ldap(&$username, &$password)
'user_row' => $row,
);
}
else
{
// retrieve default group id
$sql = 'SELECT group_id
FROM ' . GROUPS_TABLE . "
WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
AND group_type = " . GROUP_SPECIAL;
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$row)
{
trigger_error('NO_GROUP');
}
// generate user account data
$ldap_user_row = array(
'username' => $username,
'user_password' => $password,
'user_email' => (!empty($config['ldap_email'])) ? $ldap_result[0][$config['ldap_email']][0] : '',
'group_id' => (int) $row['group_id'],
'user_type' => USER_NORMAL,
'user_ip' => $user->ip,
);
unset($ldap_result);
// this is the user's first login so create an empty profile
return array(
'status' => LOGIN_SUCCESS_CREATE_PROFILE,
'error_msg' => false,
'user_row' => $ldap_user_row,
);
}
}
else
{
unset($ldap_result);
@ldap_close($ldap);
// Give status about wrong password...
@ -145,18 +199,22 @@ function login_ldap(&$username, &$password)
);
}
/**
* Escapes an LDAP AttributeValue
*/
function ldap_escape($string)
{
return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string);
}
/**
* This function is used to output any required fields in the authentication
* admin panel. It also defines any required configuration table fields.
*/
function admin_ldap(&$new)
function acp_ldap(&$new)
{
global $user;
/**
* @todo Using same approach as with cfg_build_template?
*/
$tpl = '
<dl>
@ -171,27 +229,17 @@ function admin_ldap(&$new)
<dt><label for="ldap_uid">' . $user->lang['LDAP_UID'] . ':</label><br /><span>' . $user->lang['LDAP_UID_EXPLAIN'] . '</span></dt>
<dd><input type="text" id="ldap_uid" size="40" name="config[ldap_uid]" value="' . $new['ldap_uid'] . '" /></dd>
</dl>
<dl>
<dt><label for="ldap_uid">' . $user->lang['LDAP_EMAIL'] . ':</label><br /><span>' . $user->lang['LDAP_EMAIL_EXPLAIN'] . '</span></dt>
<dd><input type="text" id="ldap_uid" size="40" name="config[ldap_email]" value="' . $new['ldap_email'] . '" /></dd>
</dl>
';
// These are fields required in the config table
return array(
'tpl' => $tpl,
'config' => array('ldap_server', 'ldap_base_dn', 'ldap_uid')
'config' => array('ldap_server', 'ldap_base_dn', 'ldap_uid', 'ldap_email')
);
}
/**
* Would be nice to allow syncing of 'appropriate' data when user updates
* their username, password, etc. ... should be up to the plugin what data
* is updated.
*
* @todo implement this functionality (probably 3.2)
*
* @param new|update|delete $mode defining the action to take on user updates
*/
function usercp_ldap($mode)
{
global $db, $config;
}
?>
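Review bot: `ldap_escape()` replaces `*` before `\`, and `str_replace()` with array arguments applies each pair to the result of the previous one, so the backslash just inserted in front of `*` is itself doubled and the asterisk is left unescaped in the search filter built in `init_ldap()` and `login_ldap()`. Escape the backslash first and use the two-digit hex form that LDAPv3 filters expect (the code sets `LDAP_OPT_PROTOCOL_VERSION` to 3), including the NUL byte: `return str_replace(array('\\', '*', '(', ')', "\x00"), array('\\5c', '\\2a', '\\28', '\\29', '\\00'), $string);`. The function name also collides with PHP's own `ldap_escape()` on versions that ship one, so a plugin-prefixed name is safer. Separately, the new e-mail field in `acp_ldap()` reuses `for="ldap_uid"` and `id="ldap_uid"`; both should be `ldap_email`.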


@ -15,7 +15,7 @@
class bbcode
{
var $bbcode_uid = '';
var $bbcode_bitfield = 0;
var $bbcode_bitfield = '';
var $bbcode_cache = array();
var $bbcode_template = array();
@ -28,7 +28,7 @@ class bbcode
* Constructor
* Init bbcode cache entries if bitfield is specified
*/
function bbcode($bitfield = 0)
function bbcode($bitfield = '')
{
if ($bitfield)
{
@ -69,32 +69,31 @@ class bbcode
$str = array('search' => array(), 'replace' => array());
$preg = array('search' => array(), 'replace' => array());
$bitlen = strlen(decbin($this->bbcode_bitfield));
for ($bbcode_id = 0; $bbcode_id < $bitlen; ++$bbcode_id)
$bitfield = new bitfield($this->bbcode_bitfield);
$bbcodes_set = $bitfield->get_all_set();
foreach ($bbcodes_set as $bbcode_id)
{
if ($this->bbcode_bitfield & (1 << $bbcode_id))
if (!empty($this->bbcode_cache[$bbcode_id]))
{
if (!empty($this->bbcode_cache[$bbcode_id]))
foreach ($this->bbcode_cache[$bbcode_id] as $type => $array)
{
foreach ($this->bbcode_cache[$bbcode_id] as $type => $array)
foreach ($array as $search => $replace)
{
foreach ($array as $search => $replace)
{
${$type}['search'][] = str_replace('$uid', $this->bbcode_uid, $search);
${$type}['replace'][] = $replace;
}
${$type}['search'][] = str_replace('$uid', $this->bbcode_uid, $search);
${$type}['replace'][] = $replace;
}
if (sizeof($str['search']))
{
$message = str_replace($str['search'], $str['replace'], $message);
$str = array('search' => array(), 'replace' => array());
}
if (sizeof($str['search']))
{
$message = str_replace($str['search'], $str['replace'], $message);
$str = array('search' => array(), 'replace' => array());
}
if (sizeof($preg['search']))
{
$message = preg_replace($preg['search'], $preg['replace'], $message);
$preg = array('search' => array(), 'replace' => array());
}
if (sizeof($preg['search']))
{
$message = preg_replace($preg['search'], $preg['replace'], $message);
$preg = array('search' => array(), 'replace' => array());
}
}
}
@ -125,13 +124,14 @@ class bbcode
}
}
$sql = '';
$bbcode_ids = $rowset = array();
$bitlen = strlen(decbin($this->bbcode_bitfield));
$bbcode_ids = $rowset = $sql = array();
for ($bbcode_id = 0; $bbcode_id < $bitlen; ++$bbcode_id)
$bitfield = new bitfield($this->bbcode_bitfield);
$bbcodes_set = $bitfield->get_all_set();
foreach ($bbcodes_set as $bbcode_id)
{
if (isset($this->bbcode_cache[$bbcode_id]) || !($this->bbcode_bitfield & (1 << $bbcode_id)))
if (isset($this->bbcode_cache[$bbcode_id]))
{
// do not try to re-cache it if it's already in
continue;
@ -140,18 +140,18 @@ class bbcode
if ($bbcode_id > NUM_CORE_BBCODES)
{
$sql .= (($sql) ? ',' : '') . $bbcode_id;
$sql[] = $bbcode_id;
}
}
if ($sql)
if (sizeof($sql))
{
global $db;
$sql = 'SELECT *
FROM ' . BBCODES_TABLE . "
WHERE bbcode_id IN ($sql)";
$result = $db->sql_query($sql);
FROM ' . BBCODES_TABLE . '
WHERE ' . $db->sql_in_set('bbcode_id', $sql);
$result = $db->sql_query($sql, 3600);
while ($row = $db->sql_fetchrow($result))
{
@ -232,7 +232,7 @@ class bbcode
case 6:
$this->bbcode_cache[$bbcode_id] = array(
'preg' => array(
'!\[color=(#[0-9A-F]{6}|[a-z\-]+):$uid\](.*?)\[/color:$uid\]!s' => $this->bbcode_tpl('color', $bbcode_id),
'!\[color=(#[0-9a-fA-F]{6}|[a-z\-]+):$uid\](.*?)\[/color:$uid\]!s' => $this->bbcode_tpl('color', $bbcode_id),
)
);
break;
@ -312,9 +312,13 @@ class bbcode
break;
default:
if (!isset($template_bitfield))
{
$template_bitfield = new bitfield($this->template_bitfield);
}
if (isset($rowset[$bbcode_id]))
{
if ($this->template_bitfield & (1 << $bbcode_id))
if ($template_bitfield->get($bbcode_id))
{
// The bbcode requires a custom template to be loaded
if (!$bbcode_tpl = $this->bbcode_tpl($rowset[$bbcode_id]['bbcode_tag'], $bbcode_id))
@ -390,9 +394,10 @@ class bbcode
'color' => '<span style="color: $1">$2</span>',
'email' => '<a href="mailto:$1">$2</a>'
);
$template_bitfield = new bitfield($this->template_bitfield);
}
if ($bbcode_id != -1 && !($this->template_bitfield & (1 << $bbcode_id)))
if ($bbcode_id != -1 && !$template_bitfield->get($bbcode_id))
{
return (isset($bbcode_hardtpl[$tpl_name])) ? $bbcode_hardtpl[$tpl_name] : false;
}
@ -561,7 +566,7 @@ class bbcode
$code = str_replace(' ', ' &nbsp;', $code);
// remove newline at the beginning
if ($code{0} == "\n")
if (!empty($code) && $code{0} == "\n")
{
$code = substr($code, 1);
}
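Review bot: In the -390 hunk `$template_bitfield` is assigned inside the block that fills `$bbcode_hardtpl`, yet `$template_bitfield->get($bbcode_id)` runs on every call; if that block is a once-only initialiser for a static array (its opening is outside the hunk), later calls would find the variable unset. Building the object outside the block, `$template_bitfield = new bitfield($this->template_bitfield);` directly before the `if ($bbcode_id != -1 …)` test, or declaring it alongside `$bbcode_hardtpl`, avoids depending on that. In the -125 hunk `$sql` is first an array of ids and then the query string; a separate name such as `$sql_ids` would read more clearly.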



@ -31,14 +31,15 @@ define('USER_FOUNDER', 3);
//define('USER_GUEST', 4);
// ACL
define('ACL_NO', 0);
define('ACL_NEVER', 0);
define('ACL_YES', 1);
define('ACL_UNSET', -1);
define('ACL_NO', -1);
// Login error codes
define('LOGIN_CONTINUE', 1);
define('LOGIN_BREAK', 2);
define('LOGIN_SUCCESS', 3);
define('LOGIN_SUCCESS_CREATE_PROFILE', 20);
define('LOGIN_ERROR_USERNAME', 10);
define('LOGIN_ERROR_PASSWORD', 11);
define('LOGIN_ERROR_ACTIVE', 12);
@ -135,8 +136,8 @@ define('FIELD_DATE', 6);
// Table names
define('ACL_GROUPS_TABLE', $table_prefix . 'acl_groups');
define('ACL_OPTIONS_TABLE', $table_prefix . 'acl_options');
define('ACL_ROLES_TABLE', $table_prefix . 'acl_roles');
define('ACL_ROLES_DATA_TABLE', $table_prefix . 'acl_roles_data');
define('ACL_ROLES_TABLE', $table_prefix . 'acl_roles');
define('ACL_USERS_TABLE', $table_prefix . 'acl_users');
define('ATTACHMENTS_TABLE', $table_prefix . 'attachments');
define('BANLIST_TABLE', $table_prefix . 'banlist');
@ -145,10 +146,6 @@ define('BOOKMARKS_TABLE', $table_prefix . 'bookmarks');
define('BOTS_TABLE', $table_prefix . 'bots');
define('CONFIG_TABLE', $table_prefix . 'config');
define('CONFIRM_TABLE', $table_prefix . 'confirm');
define('PROFILE_FIELDS_TABLE', $table_prefix . 'profile_fields');
define('PROFILE_LANG_TABLE', $table_prefix . 'profile_lang');
define('PROFILE_FIELDS_DATA_TABLE', $table_prefix . 'profile_fields_data');
define('PROFILE_FIELDS_LANG_TABLE', $table_prefix . 'profile_fields_lang');
define('DISALLOW_TABLE', $table_prefix . 'disallow');
define('DRAFTS_TABLE', $table_prefix . 'drafts');
define('EXTENSIONS_TABLE', $table_prefix . 'extensions');
@ -163,11 +160,17 @@ define('LANG_TABLE', $table_prefix . 'lang');
define('LOG_TABLE', $table_prefix . 'log');
define('MODERATOR_CACHE_TABLE', $table_prefix . 'moderator_cache');
define('MODULES_TABLE', $table_prefix . 'modules');
define('POLL_OPTIONS_TABLE', $table_prefix . 'poll_options');
define('POLL_VOTES_TABLE', $table_prefix . 'poll_votes');
define('POSTS_TABLE', $table_prefix . 'posts');
define('PRIVMSGS_TABLE', $table_prefix . 'privmsgs');
define('PRIVMSGS_TO_TABLE', $table_prefix . 'privmsgs_to');
define('PRIVMSGS_FOLDER_TABLE', $table_prefix . 'privmsgs_folder');
define('PRIVMSGS_RULES_TABLE', $table_prefix . 'privmsgs_rules');
define('PRIVMSGS_TO_TABLE', $table_prefix . 'privmsgs_to');
define('PROFILE_FIELDS_TABLE', $table_prefix . 'profile_fields');
define('PROFILE_FIELDS_DATA_TABLE', $table_prefix . 'profile_fields_data');
define('PROFILE_FIELDS_LANG_TABLE', $table_prefix . 'profile_fields_lang');
define('PROFILE_LANG_TABLE', $table_prefix . 'profile_lang');
define('RANKS_TABLE', $table_prefix . 'ranks');
define('RATINGS_TABLE', $table_prefix . 'ratings');
define('REPORTS_TABLE', $table_prefix . 'reports');
@ -186,15 +189,13 @@ define('STYLES_THEME_TABLE', $table_prefix . 'styles_theme');
define('STYLES_IMAGESET_TABLE', $table_prefix . 'styles_imageset');
define('TOPICS_TABLE', $table_prefix . 'topics');
define('TOPICS_POSTED_TABLE', $table_prefix . 'topics_posted');
define('TOPICS_WATCH_TABLE', $table_prefix . 'topics_watch');
define('TOPICS_TRACK_TABLE', $table_prefix . 'topics_track');
define('TOPICS_WATCH_TABLE', $table_prefix . 'topics_watch');
define('USER_GROUP_TABLE', $table_prefix . 'user_group');
define('USERS_TABLE', $table_prefix . 'users');
define('USERS_NOTES_TABLE', $table_prefix . 'users_notes');
define('WARNINGS_TABLE', $table_prefix . 'warnings');
define('WORDS_TABLE', $table_prefix . 'words');
define('POLL_OPTIONS_TABLE', $table_prefix . 'poll_options');
define('POLL_VOTES_TABLE', $table_prefix . 'poll_votes');
define('ZEBRA_TABLE', $table_prefix . 'zebra');
// Additional tables


@ -177,8 +177,6 @@ class dbal
* Idea for this from Ikonboard
* Possible query values: INSERT, INSERT_SELECT, MULTI_INSERT, UPDATE, SELECT
*
* If a key is 'module_name' and firebird used it gets adjusted to '"module_name"'
* on INSERT, INSERT_SELECT, UPDATE and SELECT
*/
function sql_build_array($query, $assoc_ary = false)
{
@ -193,24 +191,16 @@ class dbal
{
foreach ($assoc_ary as $key => $var)
{
$fields[] = ($key == 'module_name' && SQL_LAYER == 'firebird') ? '"' . $key . '"' : $key;
$fields[] = $key;
if (is_null($var))
{
$values[] = 'NULL';
}
else if (is_string($var))
{
$values[] = "'" . $this->sql_escape($var) . "'";
}
else if (is_array($var) && is_string($var[0]))
if (is_array($var) && is_string($var[0]))
{
// This is used for INSERT_SELECT(s)
$values[] = $var[0];
}
else
{
$values[] = (is_bool($var)) ? intval($var) : $var;
$values[] = $this->_sql_validate_value($var);
}
}
@ -224,18 +214,7 @@ class dbal
$values = array();
foreach ($sql_ary as $key => $var)
{
if (is_null($var))
{
$values[] = 'NULL';
}
else if (is_string($var))
{
$values[] = "'" . $this->sql_escape($var) . "'";
}
else
{
$values[] = (is_bool($var)) ? intval($var) : $var;
}
$values[] = $this->_sql_validate_value($var);
}
$ary[] = '(' . implode(', ', $values) . ')';
}
@ -247,20 +226,7 @@ class dbal
$values = array();
foreach ($assoc_ary as $key => $var)
{
$key = ($key == 'module_name' && SQL_LAYER == 'firebird') ? '"' . $key . '"' : $key;
if (is_null($var))
{
$values[] = "$key = NULL";
}
else if (is_string($var))
{
$values[] = "$key = '" . $this->sql_escape($var) . "'";
}
else
{
$values[] = (is_bool($var)) ? "$key = " . intval($var) : "$key = $var";
}
$values[] = "$key = " . $this->_sql_validate_value($var);
}
$query = implode(($query == 'UPDATE') ? ', ' : ' AND ', $values);
}
@ -268,6 +234,49 @@ class dbal
return $query;
}
function sql_in_set($field, $array, $negate = false)
{
if (!sizeof($array))
{
trigger_error('No values specified for SQL IN comparison', E_USER_ERROR);
}
$values = array();
foreach ($array as $var)
{
$values[] = $this->_sql_validate_value($var);
}
if (sizeof($values) == 1)
{
return $field . ($negate ? ' <> ' : ' = ') . $values[0];
}
else
{
return $field . ($negate ? ' NOT IN ' : ' IN ' ) . '(' . implode(', ', $values) . ')';
}
}
/**
* Function for validating values
* @access private
*/
function _sql_validate_value($var)
{
if (is_null($var))
{
return 'NULL';
}
else if (is_string($var))
{
return "'" . $this->sql_escape($var) . "'";
}
else
{
return (is_bool($var)) ? intval($var) : $var;
}
}
/**
* Build sql statement from array for select and select distinct statements
*
@ -286,7 +295,17 @@ class dbal
$table_array = array();
foreach ($array['FROM'] as $table_name => $alias)
{
$table_array[] = $table_name . ' ' . $alias;
if (is_array($alias))
{
foreach ($alias as $multi_alias)
{
$table_array[] = $table_name . ' ' . $multi_alias;
}
}
else
{
$table_array[] = $table_name . ' ' . $alias;
}
}
$sql .= $this->_sql_custom_build('FROM', implode(', ', $table_array));
@ -355,7 +374,7 @@ class dbal
// This could happen if the connection could not be established for example (then we are not able to grab the default language)
if (!isset($user->lang['SQL_ERROR_OCCURRED']))
{
$message .= '<br /><br />An sql error occurred while fetching this page. Please contact an administrator if this problem persist.';
$message .= '<br /><br />An sql error occurred while fetching this page. Please contact an administrator if this problem persists.';
}
else
{
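Review bot: In the first `sql_build_array()` hunk, the array branch `$values[] = $var[0];` copies the string into the statement without `sql_escape()`, so any array value whose first element is a string is treated as raw SQL. The enclosing condition is outside the hunk; if that branch also serves plain INSERT, request data that arrived as an array would be spliced in unquoted. Restricting the passthrough to the mode named in its comment would close that: `if ($query == 'INSERT_SELECT' && is_array($var) && is_string($var[0]))`. Separately, `_sql_validate_value()` returns anything that is not null, string or bool verbatim, and the new `sql_in_set()` has no docblock; a comment such as `// Values are escaped here; $field is inserted as-is and must be a trusted column name` would document the contract.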


@ -22,7 +22,7 @@ if (!defined('SQL_LAYER'))
{
define('SQL_LAYER', 'firebird');
include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
/**
* Firebird/Interbase Database Abstraction Layer
@ -32,6 +32,7 @@ if (!defined('SQL_LAYER'))
class dbal_firebird extends dbal
{
var $last_query_text = '';
var $service_handle = false;
/**
* Connect to server
@ -45,9 +46,24 @@ class dbal_firebird extends dbal
$this->db_connect_id = ($this->persistency) ? @ibase_pconnect($this->server . ':' . $this->dbname, $this->user, $sqlpassword, false, false, 3) : @ibase_connect($this->server . ':' . $this->dbname, $this->user, $sqlpassword, false, false, 3);
$this->service_handle = (function_exists('ibase_service_attach')) ? @ibase_service_attach($this->server, $this->user, $sqlpassword) : false;
return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
}
/**
* Version information about used database
*/
function sql_server_info()
{
if ($this->service_handle !== false && function_exists('ibase_server_info'))
{
return @ibase_server_info($this->service_handle, IBASE_SVC_SERVER_VERSION);
}
return 'Firebird/Interbase';
}
/**
* SQL Transaction
* @access: private
@ -74,6 +90,12 @@ class dbal_firebird extends dbal
/**
* Base query method
*
* @param string $query Contains the SQL query which shall be executed
* @param int $cache_ttl Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
* @return mixed When casted to bool the returned value returns true on success and false on failure
*
* @access public
*/
function sql_query($query = '', $cache_ttl = 0)
{
@ -94,7 +116,14 @@ class dbal_firebird extends dbal
if (!$this->transaction)
{
@ibase_commit_ret();
if (function_exists('ibase_commit_ret'))
{
@ibase_commit_ret();
}
else
{
@ibase_commit();
}
}
if ($cache_ttl && method_exists($cache, 'sql_save'))
@ -141,6 +170,18 @@ class dbal_firebird extends dbal
*/
function sql_numrows($query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_numrows($query_id);
}
return false;
}
@ -199,6 +240,8 @@ class dbal_firebird extends dbal
*/
function sql_fetchfield($field, $rownum = false, $query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
@ -211,6 +254,11 @@ class dbal_firebird extends dbal
$this->sql_rowseek($rownum, $query_id);
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_fetchfield($query_id, $field);
}
$row = $this->sql_fetchrow($query_id);
return isset($row[$field]) ? $row[$field] : false;
}
@ -224,11 +272,18 @@ class dbal_firebird extends dbal
*/
function sql_rowseek($rownum, $query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_rowseek($query_id, $rownum);
}
// We do not fetch the row for rownum == 0 because then the next resultset would be the second row
for ($i = 0; $i < $rownum; $i++)
{
@ -274,11 +329,18 @@ class dbal_firebird extends dbal
*/
function sql_freeresult($query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_freeresult($query_id);
}
if (isset($this->open_queries[(int) $query_id]))
{
unset($this->open_queries[(int) $query_id]);
@ -323,6 +385,11 @@ class dbal_firebird extends dbal
*/
function _sql_close()
{
if ($this->service_handle !== false)
{
@ibase_service_detach($this->service_handle);
}
return @ibase_close($this->db_connect_id);
}
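Review bot: `sql_server_info()` returns the result of `@ibase_server_info()` directly, so when that call fails the caller receives `false` instead of a version string; the fallback `'Firebird/Interbase'` is only reached when there is no service handle. Holding the result in a variable lets the failure case fall through to the fallback: `$version = @ibase_server_info($this->service_handle, IBASE_SVC_SERVER_VERSION);` followed by `if ($version !== false) { return $version; }`. The new `var $service_handle` also has no comment, although the connect hunk now opens a second authenticated session with the database password whenever `ibase_service_attach` exists; `// Service manager handle from ibase_service_attach(), false when unavailable` would record that.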


@ -22,7 +22,7 @@ if (!defined('SQL_LAYER'))
{
define('SQL_LAYER', 'mssql');
include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
/**
* MSSQL Database Abstraction Layer
@ -55,6 +55,28 @@ class dbal_mssql extends dbal
return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
}
/**
* Version information about used database
*/
function sql_server_info()
{
$result_id = @mssql_query("SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY('productlevel'), SERVERPROPERTY('edition')", $this->db_connect_id);
$row = false;
if ($result_id)
{
$row = @mssql_fetch_assoc($result_id);
@mssql_free_result($result_id);
}
if ($row)
{
return 'MSSQL<br />' . implode(' ', $row);
}
return 'MSSQL';
}
/**
* SQL Transaction
* @access: private
@ -81,6 +103,12 @@ class dbal_mssql extends dbal
/**
* Base query method
*
* @param string $query Contains the SQL query which shall be executed
* @param int $cache_ttl Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
* @return mixed When casted to bool the returned value returns true on success and false on failure
*
* @access public
*/
function sql_query($query = '', $cache_ttl = 0)
{
@ -181,11 +209,18 @@ class dbal_mssql extends dbal
*/
function sql_numrows($query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_numrows($query_id);
}
return ($query_id) ? @mssql_num_rows($query_id) : false;
}
@ -234,6 +269,8 @@ class dbal_mssql extends dbal
*/
function sql_fetchfield($field, $rownum = false, $query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
@ -246,6 +283,11 @@ class dbal_mssql extends dbal
$this->sql_rowseek($rownum, $query_id);
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_fetchfield($query_id, $field);
}
$row = $this->sql_fetchrow($query_id);
return isset($row[$field]) ? $row[$field] : false;
}
@ -259,11 +301,18 @@ class dbal_mssql extends dbal
*/
function sql_rowseek($rownum, $query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_rowseek($query_id, $rownum);
}
return ($query_id) ? @mssql_data_seek($query_id, $rownum) : false;
}
@ -291,11 +340,18 @@ class dbal_mssql extends dbal
*/
function sql_freeresult($query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_freeresult($query_id);
}
if (isset($this->open_queries[$query_id]))
{
unset($this->open_queries[$query_id]);
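Review bot: `sql_server_info()` returns `'MSSQL<br />' . implode(' ', $row)`, which puts HTML markup next to unescaped server property values in the return value of a database-layer method. The MySQL, Oracle and SQLite drivers in this commit return plain text, so a caller cannot treat the result uniformly as either text or HTML and has no safe point at which to escape it. Returning plain text, `return 'MSSQL ' . implode(' ', $row);`, and leaving line breaks and escaping to the template would keep the drivers consistent. The same applies to `dbal_mssql_odbc::sql_server_info()` with its `'MSSQL (ODBC)<br />'` prefix.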


@ -22,7 +22,7 @@ if (!defined('SQL_LAYER'))
{
define('SQL_LAYER', 'mssql_odbc');
include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
/**
* Unified ODBC functions
@ -49,6 +49,28 @@ class dbal_mssql_odbc extends dbal
return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
}
/**
* Version information about used database
*/
function sql_server_info()
{
$result_id = @odbc_exec($this->db_connect_id, "SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY('productlevel'), SERVERPROPERTY('edition')");
$row = false;
if ($result_id)
{
$row = @odbc_fetch_array($result_id);
@odbc_free_result($result_id);
}
if ($row)
{
return 'MSSQL (ODBC)<br />' . implode(' ', $row);
}
return 'MSSQL (ODBC)';
}
/**
* SQL Transaction
* @access: private
@ -79,6 +101,12 @@ class dbal_mssql_odbc extends dbal
/**
* Base query method
*
* @param string $query Contains the SQL query which shall be executed
* @param int $cache_ttl Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
* @return mixed When casted to bool the returned value returns true on success and false on failure
*
* @access public
*/
function sql_query($query = '', $cache_ttl = 0)
{
@ -183,11 +211,18 @@ class dbal_mssql_odbc extends dbal
*/
function sql_numrows($query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_numrows($query_id);
}
return ($query_id) ? @odbc_num_rows($query_id) : false;
}
@ -225,6 +260,8 @@ class dbal_mssql_odbc extends dbal
*/
function sql_fetchfield($field, $rownum = false, $query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
@ -237,6 +274,11 @@ class dbal_mssql_odbc extends dbal
$this->sql_rowseek($rownum, $query_id);
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_fetchfield($query_id, $field);
}
$row = $this->sql_fetchrow($query_id);
return isset($row[$field]) ? $row[$field] : false;
}
@ -250,11 +292,18 @@ class dbal_mssql_odbc extends dbal
*/
function sql_rowseek($rownum, $query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_rowseek($query_id, $rownum);
}
$this->sql_freeresult($query_id);
$query_id = $this->sql_query($this->last_query_text);
@ -301,11 +350,18 @@ class dbal_mssql_odbc extends dbal
*/
function sql_freeresult($query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_freeresult($query_id);
}
if (isset($this->open_queries[(int) $query_id]))
{
unset($this->open_queries[(int) $query_id]);


@ -22,7 +22,7 @@ if (!defined('SQL_LAYER'))
{
define('SQL_LAYER', 'mysql');
include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
/**
* MySQL Database Abstraction Layer
@ -55,6 +55,14 @@ class dbal_mysql extends dbal
return $this->sql_error('');
}
/**
* Version information about used database
*/
function sql_server_info()
{
return 'MySQL ' . @mysql_get_server_info($this->db_connect_id);
}
/**
* SQL Transaction
* @access: private
@ -81,6 +89,12 @@ class dbal_mysql extends dbal
/**
* Base query method
*
* @param string $query Contains the SQL query which shall be executed
* @param int $cache_ttl Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
* @return mixed When casted to bool the returned value returns true on success and false on failure
*
* @access public
*/
function sql_query($query = '', $cache_ttl = 0)
{
@ -163,11 +177,18 @@ class dbal_mysql extends dbal
*/
function sql_numrows($query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_numrows($query_id);
}
return ($query_id) ? @mysql_num_rows($query_id) : false;
}
@ -205,6 +226,8 @@ class dbal_mysql extends dbal
*/
function sql_fetchfield($field, $rownum = false, $query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
@ -214,11 +237,22 @@ class dbal_mysql extends dbal
{
if ($rownum === false)
{
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_fetchfield($query_id, $field);
}
$row = $this->sql_fetchrow($query_id);
return isset($row[$field]) ? $row[$field] : false;
}
else
{
if (isset($cache->sql_rowset[$query_id]))
{
$cache->sql_rowseek($query_id, $rownum);
return $cache->sql_fetchfield($query_id, $field);
}
return @mysql_result($query_id, $rownum, $field);
}
}
@ -232,11 +266,18 @@ class dbal_mysql extends dbal
*/
function sql_rowseek($rownum, $query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_rowseek($query_id, $rownum);
}
return ($query_id) ? @mysql_data_seek($query_id, $rownum) : false;
}
@ -253,11 +294,18 @@ class dbal_mysql extends dbal
*/
function sql_freeresult($query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_freeresult($query_id);
}
if (isset($this->open_queries[(int) $query_id]))
{
unset($this->open_queries[(int) $query_id]);


@ -22,7 +22,7 @@ if (!defined('SQL_LAYER'))
{
define('SQL_LAYER', 'mysql4');
include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
/**
* MySQL4 Database Abstraction Layer
@ -57,6 +57,14 @@ class dbal_mysql4 extends dbal
return $this->sql_error('');
}
/**
* Version information about used database
*/
function sql_server_info()
{
return 'MySQL ' . @mysql_get_server_info($this->db_connect_id);
}
/**
* SQL Transaction
* @access: private
@ -83,6 +91,12 @@ class dbal_mysql4 extends dbal
/**
* Base query method
*
* @param string $query Contains the SQL query which shall be executed
* @param int $cache_ttl Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
* @return mixed When casted to bool the returned value returns true on success and false on failure
*
* @access public
*/
function sql_query($query = '', $cache_ttl = 0)
{
@ -166,11 +180,18 @@ class dbal_mysql4 extends dbal
*/
function sql_numrows($query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_numrows($query_id);
}
return ($query_id) ? @mysql_num_rows($query_id) : false;
}
@ -208,6 +229,8 @@ class dbal_mysql4 extends dbal
*/
function sql_fetchfield($field, $rownum = false, $query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
@ -217,11 +240,22 @@ class dbal_mysql4 extends dbal
{
if ($rownum === false)
{
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_fetchfield($query_id, $field);
}
$row = $this->sql_fetchrow($query_id);
return isset($row[$field]) ? $row[$field] : false;
}
else
{
if (isset($cache->sql_rowset[$query_id]))
{
$cache->sql_rowseek($query_id, $rownum);
return $cache->sql_fetchfield($query_id, $field);
}
return @mysql_result($query_id, $rownum, $field);
}
}
@ -235,11 +269,18 @@ class dbal_mysql4 extends dbal
*/
function sql_rowseek($rownum, $query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_rowseek($query_id, $rownum);
}
return ($query_id) ? @mysql_data_seek($query_id, $rownum) : false;
}
@ -256,11 +297,18 @@ class dbal_mysql4 extends dbal
*/
function sql_freeresult($query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_freeresult($query_id);
}
if (isset($this->open_queries[(int) $query_id]))
{
unset($this->open_queries[(int) $query_id]);


@ -22,7 +22,7 @@ if (!defined('SQL_LAYER'))
{
define('SQL_LAYER', 'mysqli');
include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
/**
* MySQLi Database Abstraction Layer
@ -57,6 +57,14 @@ class dbal_mysqli extends dbal
return $this->sql_error('');
}
/**
* Version information about used database
*/
function sql_server_info()
{
return 'MySQL(i) ' . @mysqli_get_server_info($this->db_connect_id);
}
/**
* SQL Transaction
* @access: private
@ -87,6 +95,12 @@ class dbal_mysqli extends dbal
/**
* Base query method
*
* @param string $query Contains the SQL query which shall be executed
* @param int $cache_ttl Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
* @return mixed When casted to bool the returned value returns true on success and false on failure
*
* @access public
*/
function sql_query($query = '', $cache_ttl = 0)
{
@ -165,11 +179,18 @@ class dbal_mysqli extends dbal
*/
function sql_numrows($query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (!is_object($query_id) && isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_numrows($query_id);
}
return ($query_id) ? @mysqli_num_rows($query_id) : false;
}
@ -207,6 +228,8 @@ class dbal_mysqli extends dbal
*/
function sql_fetchfield($field, $rownum = false, $query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
@ -219,6 +242,11 @@ class dbal_mysqli extends dbal
$this->sql_rowseek($rownum, $query_id);
}
if (!is_object($query_id) && isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_fetchfield($query_id, $field);
}
$row = $this->sql_fetchrow($query_id);
return isset($row[$field]) ? $row[$field] : false;
}
@ -232,11 +260,18 @@ class dbal_mysqli extends dbal
*/
function sql_rowseek($rownum, $query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (!is_object($query_id) && isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_rowseek($query_id, $rownum);
}
return ($query_id) ? @mysqli_data_seek($query_id, $rownum) : false;
}
@ -253,18 +288,19 @@ class dbal_mysqli extends dbal
*/
function sql_freeresult($query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
// Make sure it is not a cached query
if (is_object($this->query_result))
if (!is_object($query_id) && isset($cache->sql_rowset[$query_id]))
{
return @mysqli_free_result($query_id);
return $cache->sql_freeresult($query_id);
}
return false;
return @mysqli_free_result($query_id);
}
/**

View file

@ -22,7 +22,7 @@ if(!defined('SQL_LAYER'))
{
define('SQL_LAYER', 'oracle');
include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
/**
* Oracle Database Abstraction Layer
@ -47,6 +47,14 @@ class dbal_oracle extends dbal
return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
}
/**
* Version information about used database
*/
function sql_server_info()
{
return 'Oracle ' . @ociserverversion($this->db_connect_id);
}
/**
* SQL Transaction
* @access: private
@ -73,6 +81,12 @@ class dbal_oracle extends dbal
/**
* Base query method
*
* @param string $query Contains the SQL query which shall be executed
* @param int $cache_ttl Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
* @return mixed When casted to bool the returned value returns true on success and false on failure
*
* @access public
*/
function sql_query($query = '', $cache_ttl = 0)
{
@ -155,6 +169,52 @@ class dbal_oracle extends dbal
{
$this->query_result = false;
// Any implicit columns exist?
if (strpos($query, '.*') !== false)
{
// This sucker does a few things for us. It grabs all the explicitly named columns and what tables are being used
preg_match('/SELECT (?:DISTINCT )?(.*?)FROM(.*?)(?:WHERE|(ORDER|GROUP) BY|$)/s', $query, $tables);
// The prefixes of the explicit columns don't matter, they simply get in the way
preg_match_all('/\.(\w+)/', trim($tables[1]), $columns);
// Flip lets us do an easy isset() call
$columns = array_flip($columns[1]);
$table_data = trim($tables[2]);
// Grab the implicitly named columns, they need expanding...
preg_match_all('/(\w)\.\*/', $query, $info);
$cols = array();
foreach ($info[1] as $table_alias)
{
// We need to get the name of the aliased table
preg_match('/(\w+) ' . $table_alias . '/', $table_data, $table_name);
$table_name = $table_name[1];
$sql = "SELECT column_name
FROM all_tab_cols
WHERE table_name = '" . strtoupper($table_name) . "'";
$result = $this->sql_query($sql);
while ($row = $this->sql_fetchrow($result))
{
if (!isset($columns[strtolower($row['column_name'])]))
{
$cols[] = $table_alias . '.' . strtolower($row['column_name']);
}
}
$this->sql_freeresult($result);
// Remove the implicity .* with it's full expansion
$query = str_replace($table_alias . '.*', implode(', ', $cols), $query);
unset($cols);
}
}
$query = 'SELECT * FROM (SELECT /*+ FIRST_ROWS */ rownum AS xrownum, a.* FROM (' . $query . ') a WHERE rownum <= ' . ($offset + $total) . ') WHERE xrownum >= ' . $offset;
return $this->sql_query($query, $cache_ttl);
@ -171,11 +231,18 @@ class dbal_oracle extends dbal
*/
function sql_numrows($query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_numrows($query_id);
}
$result = @ocifetchstatement($query_id, $this->rowset);
// OCIFetchStatment kills our query result so we have to execute the statment again
@ -224,7 +291,7 @@ class dbal_oracle extends dbal
// OCI->CLOB?
if (is_object($value))
{
$value = ($value->size()) ? $value->read($value->size()) : '';
$value = $value->load();
}
$result_row[strtolower($key)] = $value;
@ -239,6 +306,8 @@ class dbal_oracle extends dbal
*/
function sql_fetchfield($field, $rownum = false, $query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
@ -251,6 +320,11 @@ class dbal_oracle extends dbal
$this->sql_rowseek($rownum, $query_id);
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_fetchfield($query_id, $field);
}
$row = $this->sql_fetchrow($query_id);
return isset($row[$field]) ? $row[$field] : false;
}
@ -264,11 +338,18 @@ class dbal_oracle extends dbal
*/
function sql_rowseek($rownum, $query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_rowseek($query_id, $rownum);
}
if (!$query_id)
{
return false;
@ -326,11 +407,18 @@ class dbal_oracle extends dbal
*/
function sql_freeresult($query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_freeresult($query_id);
}
if (isset($this->open_queries[(int) $query_id]))
{
unset($this->open_queries[(int) $query_id]);
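Review bot: The `.*` expansion added before the limit query is built (the method's signature is above the hunk) finds aliases with `/(\w)\.\*/`, which captures a single character, so for an alias such as `tp` only `p` is captured and `str_replace($table_alias . '.*', ...)` leaves a stray prefix in the statement. The alias is then resolved with `'/(\w+) ' . $table_alias . '/'`, which has no word boundary, and `$table_name[1]` is read without checking that the match succeeded. The column lookup filters `all_tab_cols` by `table_name` only, so a same-named table in another schema visible to the connecting user would contribute its columns. I would use `preg_match_all('/\b(\w+)\.\*/', $query, $info);` and `preg_match('/(\w+)\s+' . preg_quote($table_alias, '/') . '\b/', $table_data, $table_name)` with its return value checked, and add an owner filter to the `all_tab_cols` query.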


@ -22,7 +22,7 @@ if (!defined('SQL_LAYER'))
{
define('SQL_LAYER', 'postgres');
include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
/**
* PostgreSQL Database Abstraction Layer
@ -84,6 +84,25 @@ class dbal_postgres extends dbal
return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
}
/**
* Version information about used database
*/
function sql_server_info()
{
if (version_compare(phpversion(), '5.0.0', '>='))
{
$version = @pg_version($this->db_connect_id);
return 'PostgreSQL' . ((!empty($version)) ? ' ' . $version['client'] : '');
}
else
{
$query_id = @pg_query($this->db_connect_id, 'select version()');
$row = @pg_fetch_assoc($query_id, null);
$version = $row['version'];
return ((!empty($version)) ? ' ' . $version : '');
}
}
/**
* SQL Transaction
* @access: private
@ -110,6 +129,12 @@ class dbal_postgres extends dbal
/**
* Base query method
*
* @param string $query Contains the SQL query which shall be executed
* @param int $cache_ttl Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
* @return mixed When casted to bool the returned value returns true on success and false on failure
*
* @access public
*/
function sql_query($query = '', $cache_ttl = 0)
{
@ -202,11 +227,18 @@ class dbal_postgres extends dbal
*/
function sql_numrows($query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_numrows($query_id);
}
return ($query_id) ? @pg_num_rows($query_id) : false;
}
@ -235,7 +267,16 @@ class dbal_postgres extends dbal
return $cache->sql_fetchrow($query_id);
}
return ($query_id) ? @pg_fetch_assoc($query_id, NULL) : false;
$row = @pg_fetch_assoc($query_id, null);
if ($row)
{
foreach ($row as $key => $value)
{
$row[$key] = (strpos($key, 'bitfield') === false) ? $value : pg_unescape_bytea($value);
}
}
return ($query_id) ? $row : false;
}
/**
@ -244,6 +285,8 @@ class dbal_postgres extends dbal
*/
function sql_fetchfield($field, $rownum = false, $query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
@ -256,6 +299,11 @@ class dbal_postgres extends dbal
$this->sql_rowseek($rownum, $query_id);
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_fetchfield($query_id, $field);
}
$row = $this->sql_fetchrow($query_id);
return isset($row[$field]) ? $row[$field] : false;
}
@ -269,11 +317,18 @@ class dbal_postgres extends dbal
*/
function sql_rowseek($rownum, $query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_rowseek($query_id, $rownum);
}
return ($query_id) ? @pg_result_seek($query_id, $rownum) : false;
}
@ -311,11 +366,18 @@ class dbal_postgres extends dbal
*/
function sql_freeresult($query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_freeresult($query_id);
}
if (isset($this->open_queries[(int) $query_id]))
{
unset($this->open_queries[(int) $query_id]);
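Review bot: On PHP 5 and later `sql_server_info()` reports `$version['client']`, which is the version of the client library rather than of the server the board is connected to. `pg_version()` also provides a `server` entry where the connection protocol supports it, so `return 'PostgreSQL' . ((!empty($version['server'])) ? ' ' . $version['server'] : '');` would match the method's name and what the other drivers report. The PHP 4 branch is inconsistent with the first: it returns `' ' . $version` without the `'PostgreSQL'` prefix and an empty string on failure. It also passes `$query_id` to `pg_fetch_assoc()` without checking that `pg_query()` succeeded.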


@ -22,10 +22,11 @@ if (!defined('SQL_LAYER'))
{
define('SQL_LAYER', 'sqlite');
include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
/**
* Sqlite Database Abstraction Layer
* Minimum Requirement: 2.8.2+
* @package dbal
*/
class dbal_sqlite extends dbal
@ -48,9 +49,18 @@ class dbal_sqlite extends dbal
@sqlite_query('PRAGMA short_column_names = 1', $this->db_connect_id);
}
return ($this->db_connect_id) ? true : array('message' => $error);
}
/**
* Version information about used database
*/
function sql_server_info()
{
return 'SQLite ' . @sqlite_libversion();
}
/**
* SQL Transaction
* @access: private
@ -77,6 +87,12 @@ class dbal_sqlite extends dbal
/**
* Base query method
*
* @param string $query Contains the SQL query which shall be executed
* @param int $cache_ttl Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
* @return mixed When casted to bool the returned value returns true on success and false on failure
*
* @access public
*/
function sql_query($query = '', $cache_ttl = 0)
{
@ -159,11 +175,18 @@ class dbal_sqlite extends dbal
*/
function sql_numrows($query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_numrows($query_id);
}
return ($query_id) ? @sqlite_num_rows($query_id) : false;
}
@ -192,7 +215,9 @@ class dbal_sqlite extends dbal
return $cache->sql_fetchrow($query_id);
}
return ($query_id) ? @sqlite_fetch_array($query_id, SQLITE_ASSOC) : false;
$row = @sqlite_fetch_array($query_id, SQLITE_ASSOC);
return $row;
}
/**
@ -201,6 +226,8 @@ class dbal_sqlite extends dbal
*/
function sql_fetchfield($field, $rownum = false, $query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
@ -208,15 +235,17 @@ class dbal_sqlite extends dbal
if ($query_id)
{
if ($rownum === false)
{
return @sqlite_column($query_id, $field);
}
else
if ($rownum !== false)
{
$this->sql_rowseek($rownum, $query_id);
return @sqlite_column($query_id, $field);
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_fetchfield($query_id, $field);
}
return @sqlite_column($query_id, $field);
}
return false;
@ -228,11 +257,18 @@ class dbal_sqlite extends dbal
*/
function sql_rowseek($rownum, $query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_rowseek($query_id, $rownum);
}
return ($query_id) ? @sqlite_seek($query_id, $rownum) : false;
}
@ -249,6 +285,18 @@ class dbal_sqlite extends dbal
*/
function sql_freeresult($query_id = false)
{
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_freeresult($query_id);
}
return true;
}
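Review bot: In the `sql_fetchrow()` hunk (the function starts above it) the `($query_id) ? ... : false` guard appears to have been dropped, so `sqlite_fetch_array()` is now called even when there is no result handle, with `@` hiding the warning. The temporary `$row` adds nothing over returning the call directly. Keeping the guard, `return ($query_id) ? @sqlite_fetch_array($query_id, SQLITE_ASSOC) : false;`, preserves the explicit `false` for a failed query. The new body of `sql_freeresult()` likewise returns `true` even when `$query_id` is still `false` after falling back to `$this->query_result`; a short comment saying that this is intentional for this driver would help the next reader.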


@ -145,7 +145,7 @@ function unique_id($extra = 'c')
if ($dss_seeded !== true)
{
set_config('rand_seed', $config['rand_seed']);
set_config('rand_seed', $config['rand_seed'], true);
$dss_seeded = true;
}
@ -376,6 +376,71 @@ if (!function_exists('stripos'))
}
}
if (!function_exists('realpath'))
{
/**
* Replacement for realpath if it is disabled
* This function is from the php manual by nospam at savvior dot com
*/
function phpbb_realpath($path)
{
$translated_path = getenv('PATH_TRANSLATED');
$translated_path = str_replace('\\', '/', $translated_path);
$translated_path = str_replace(basename(getenv('PATH_INFO')), '', $translated_path);
$translated_path .= '/';
if ($path == '.' || $path == './')
{
return $translated_path;
}
// now check for back directory
$translated_path .= $path;
$dirs = explode('/', $translated_path);
foreach ($dirs as $key => $value)
{
if ($value == '..')
{
$dirs[$key] = '';
$dirs[$key - 2] = '';
}
}
$translated_path = '';
foreach ($dirs as $key => $value)
{
if (strlen($value) > 0)
{
$translated_path .= $value . '/';
}
}
$translated_path = substr($translated_path, 0, strlen($translated_path) - 1);
if (is_dir($translated_path) || is_file($translated_path))
{
return $translated_path;
}
return false;
}
}
else
{
/**
* A wrapper for realpath
*/
function phpbb_realpath($path)
{
return realpath($path);
}
}
// functions used for building option fields
/**
@ -429,13 +494,18 @@ function style_select($default = '', $all = false)
/**
* Pick a timezone
*/
function tz_select($default = '')
function tz_select($default = '', $truncate = false)
{
global $sys_timezone, $user;
$tz_select = '';
foreach ($user->lang['tz_zones'] as $offset => $zone)
{
if ($truncate)
{
$zone = (strlen($zone) > 70) ? substr($zone, 0, 70) . '...' : $zone;
}
if (is_numeric($offset))
{
$selected = ($offset == $default) ? ' selected="selected"' : '';
@ -469,7 +539,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
$db->sql_query('DELETE FROM ' . FORUMS_TRACK_TABLE . " WHERE user_id = {$user->data['user_id']}");
$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_lastmark = ' . time() . " WHERE user_id = {$user->data['user_id']}");
}
else
else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{
$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
$tracking_topics = ($tracking_topics) ? unserialize($tracking_topics) : array();
@ -506,13 +576,13 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
{
$sql = 'DELETE FROM ' . TOPICS_TRACK_TABLE . "
WHERE user_id = {$user->data['user_id']}
AND forum_id IN (" . implode(', ', $forum_id) . ")";
AND " . $db->sql_in_set('forum_id', $forum_id);
$db->sql_query($sql);
$sql = 'SELECT forum_id
FROM ' . FORUMS_TRACK_TABLE . "
WHERE user_id = {$user->data['user_id']}
AND forum_id IN (" . implode(', ', $forum_id) . ')';
AND " . $db->sql_in_set('forum_id', $forum_id);
$result = $db->sql_query($sql);
$sql_update = array();
@ -527,7 +597,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
$sql = 'UPDATE ' . FORUMS_TRACK_TABLE . '
SET mark_time = ' . time() . "
WHERE user_id = {$user->data['user_id']}
AND forum_id IN (" . implode(', ', $sql_update) . ')';
AND " . $db->sql_in_set('forum_id', $sql_update);
$db->sql_query($sql);
}
@ -563,7 +633,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
}
}
}
else
else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{
$tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
$tracking = ($tracking) ? unserialize($tracking) : array();
@ -628,7 +698,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
$db->sql_return_on_error(false);
}
}
else
else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{
$tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
$tracking = ($tracking) ? unserialize($tracking) : array();
@ -675,7 +745,8 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
if ($user->data['is_registered'])
{
$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_lastmark = ' . intval(base_convert(max($time_keys) + $config['board_startdate'], 36, 10)) . " WHERE user_id = {$user->data['user_id']}");
$user->data['user_lastmark'] = intval(base_convert(max($time_keys) + $config['board_startdate'], 36, 10));
$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_lastmark = ' . $user->data['user_lastmark'] . " WHERE user_id = {$user->data['user_id']}");
}
else
{
@ -817,7 +888,7 @@ function get_complete_topic_tracking($forum_id, $topic_ids, $global_announce_lis
$sql = 'SELECT topic_id, mark_time
FROM ' . TOPICS_TRACK_TABLE . "
WHERE user_id = {$user->data['user_id']}
AND topic_id IN (" . implode(', ', $topic_ids) . ")";
AND " . $db->sql_in_set('topic_id', $topic_ids);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -859,7 +930,7 @@ function get_complete_topic_tracking($forum_id, $topic_ids, $global_announce_lis
}
}
}
else
else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{
global $tracking_topics;
@ -925,6 +996,111 @@ function get_complete_topic_tracking($forum_id, $topic_ids, $global_announce_lis
return $last_read;
}
/**
* Check for read forums and update topic tracking info accordingly
*
* @param int $forum_id the forum id to check
* @param int $forum_last_post_time the forums last post time
* @param int $f_mark_time the forums last mark time if user is registered and load_db_lastread enabled
* @param int $mark_time_forum false if the mark time needs to be obtained, else the last users forum mark time
*
*/
function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_time = false, $mark_time_forum = false)
{
global $db, $tracking_topics, $user, $config;
// Determine the users last forum mark time if not given.
if ($mark_time_forum === false)
{
if ($config['load_db_lastread'] && $user->data['is_registered'])
{
$mark_time_forum = (!empty($f_mark_time)) ? $f_mark_time : $user->data['user_lastmark'];
}
else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{
if (!isset($tracking_topics) || !sizeof($tracking_topics))
{
$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
$tracking_topics = ($tracking_topics) ? unserialize($tracking_topics) : array();
}
if (!$user->data['is_registered'])
{
$user->data['user_lastmark'] = (isset($tracking_topics['l'])) ? (int) (base_convert($tracking_topics['l'], 36, 10) + $config['board_startdate']) : 0;
}
$mark_time_forum = (isset($tracking_topics['f'][$forum_id])) ? (int) (base_convert($tracking_topics['f'][$forum_id], 36, 10) + $config['board_startdate']) : $user->data['user_lastmark'];
}
}
// Check the forum for any left unread topics.
// If there are none, we mark the forum as read.
if ($config['load_db_lastread'] && $user->data['is_registered'])
{
if ($mark_time_forum >= $forum_last_post_time)
{
// We do not need to mark read, this happened before. Therefore setting this to true
$row = true;
}
else
{
$sql = 'SELECT t.forum_id FROM ' . TOPICS_TABLE . ' t
LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt ON (tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id'] . ')
WHERE t.forum_id = ' . $forum_id . '
AND t.topic_last_post_time > ' . $mark_time_forum . '
AND t.topic_moved_id = 0
AND tt.topic_id IS NULL
GROUP BY t.forum_id';
$result = $db->sql_query_limit($sql, 1);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
}
}
else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{
// Get information from cookie
$row = false;
if (!isset($tracking_topics['tf'][$forum_id]))
{
// We do not need to mark read, this happened before. Therefore setting this to true
$row = true;
}
else
{
$sql = 'SELECT topic_id
FROM ' . TOPICS_TABLE . '
WHERE forum_id = ' . $forum_id . '
AND topic_last_post_time > ' . $mark_time_forum . '
AND topic_moved_id = 0';
$result = $db->sql_query($sql);
$check_forum = $tracking_topics['tf'][$forum_id];
$unread = false;
while ($row = $db->sql_fetchrow($result))
{
if (!in_array(base_convert($row['topic_id'], 10, 36), array_keys($check_forum)))
{
$unread = true;
break;
}
}
$db->sql_freeresult($result);
$row = $unread;
}
}
else
{
$row = true;
}
if (!$row)
{
markread('topics', $forum_id);
}
}
// Pagination functions
/**
@ -1095,8 +1271,6 @@ function generate_board_url($without_script_path = false)
$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
$url = (($config['cookie_secure']) ? 'https://' : 'http://') . $server_name;
// Forcing server vars is the only way to specify/override the protocol
if ($config['force_server_vars'] || !$server_name)
{
@ -1106,6 +1280,12 @@ function generate_board_url($without_script_path = false)
$url = $server_protocol . $server_name;
}
else
{
// Do not rely on cookie_secure, users seem to think that it means a secured cookie instead of an encrypted connection
$cookie_secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0;
$url = (($cookie_secure) ? 'https://' : 'http://') . $server_name;
}
if ($server_port && (($config['cookie_secure'] && $server_port <> 443) || (!$config['cookie_secure'] && $server_port <> 80)))
{
@ -1128,15 +1308,12 @@ function redirect($url)
{
global $db, $cache, $config, $user;
if (isset($db))
if (empty($user->lang))
{
$db->sql_close();
$user->add_lang('common');
}
if (isset($cache))
{
$cache->unload();
}
garbage_collection();
// Make sure no &amp;'s are in, this will break the redirect
$url = str_replace('&amp;', '&', $url);
@ -1184,8 +1361,8 @@ function redirect($url)
else
{
// Get the realpath of dirname
$root_dirs = explode('/', str_replace('\\', '/', realpath('./')));
$page_dirs = explode('/', str_replace('\\', '/', realpath($pathinfo['dirname'])));
$root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath('./')));
$page_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($pathinfo['dirname'])));
$intersection = array_intersect_assoc($root_dirs, $page_dirs);
$root_dirs = array_diff_assoc($root_dirs, $intersection);
@ -1445,13 +1622,17 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
if ($admin && !$auth->acl_get('a_'))
{
// Not authd
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
// anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
if ($user->data['is_registered'])
{
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
trigger_error('NO_AUTH_ADMIN');
}
if (isset($_POST['login']))
{
$username = request_var('username', '', true);
$username = request_var('username', '');
$password = request_var('password', '');
$autologin = (!empty($_POST['autologin'])) ? true : false;
$viewonline = (!empty($_POST['viewonline'])) ? 0 : 1;
@ -1478,7 +1659,12 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
}
else
{
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
// Only log the failed attempt if a real user tried to.
// anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
if ($user->data['is_registered'])
{
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
}
}
@ -1496,12 +1682,6 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
}
// The user wanted to re-authenticate, but something failed - log this
if ($admin)
{
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
// Something failed, determine what...
if ($result['status'] == LOGIN_BREAK)
{
@ -1625,13 +1805,13 @@ function login_forum_box($forum_data)
$sql_in = array();
do
{
$sql_in[] = "'" . $db->sql_escape($row['session_id']) . "'";
$sql_in[] = (string) $row['session_id'];
}
while ($row = $db->sql_fetchrow($result));
// Remove expired sessions
$sql = 'DELETE FROM ' . FORUMS_ACCESS_TABLE . '
WHERE session_id NOT IN (' . implode(', ', $sql_in) . ')';
WHERE ' . $db->sql_in_set('session_id', $sql_in, true);
$db->sql_query($sql);
}
$db->sql_freeresult($result);
@ -1737,7 +1917,7 @@ function decode_message(&$message, $bbcode_uid = '')
* For display of custom parsed text on user-facing pages
* Expects $text to be the value directly from the database (stored value)
*/
function generate_text_for_display($text, $uid, $bitfield)
function generate_text_for_display($text, $uid, $bitfield, $flags)
{
global $__bbcode;
@ -1746,13 +1926,6 @@ function generate_text_for_display($text, $uid, $bitfield)
return '';
}
// Get flags... they are always allow_bbcode, allow_smilies and allow_urls
$flags = $bitfield;
if ($flags >> 3)
{
$flags = bindec(substr(decbin($flags), strlen(decbin($flags >> 3))));
}
// Parse bbcode if bbcode uid stored and bbcode enabled
if ($uid && ($flags & 1))
{
@ -1764,11 +1937,11 @@ function generate_text_for_display($text, $uid, $bitfield)
if (empty($__bbcode))
{
$__bbcode = new bbcode($bitfield >> 3);
$__bbcode = new bbcode($bitfield);
}
else
{
$__bbcode->bbcode($bitfield >> 3);
$__bbcode->bbcode($bitfield);
}
$__bbcode->bbcode_second_pass($text, $uid);
@ -1785,12 +1958,12 @@ function generate_text_for_display($text, $uid, $bitfield)
* This function additionally returns the uid and bitfield that needs to be stored.
* Expects $text to be the value directly from request_var() and in it's non-parsed form
*/
function generate_text_for_storage(&$text, &$uid, &$bitfield, $allow_bbcode = false, $allow_urls = false, $allow_smilies = false)
function generate_text_for_storage(&$text, &$uid, &$bitfield, &$flags, $allow_bbcode = false, $allow_urls = false, $allow_smilies = false)
{
global $phpbb_root_path, $phpEx;
$uid = '';
$bitfield = 0;
$bitfield = '';
if (!$text)
{
@ -1815,7 +1988,7 @@ function generate_text_for_storage(&$text, &$uid, &$bitfield, $allow_bbcode = fa
}
$flags = (($allow_bbcode) ? 1 : 0) + (($allow_smilies) ? 2 : 0) + (($allow_urls) ? 4 : 0);
$bitfield = $flags + ($message_parser->bbcode_bitfield << 3);
$bitfield = $message_parser->bbcode_bitfield;
return;
}
@ -1824,17 +1997,10 @@ function generate_text_for_storage(&$text, &$uid, &$bitfield, $allow_bbcode = fa
* For decoding custom parsed text for edits as well as extracting the flags
* Expects $text to be the value directly from the database (pre-parsed content)
*/
function generate_text_for_edit($text, $uid, $bitfield)
function generate_text_for_edit($text, $uid, $flags)
{
global $phpbb_root_path, $phpEx;
// Get forum flags...
$flags = $bitfield;
if ($flags >> 3)
{
$flags = bindec(substr(decbin($flags), strlen(decbin($flags >> 3))));
}
decode_message($text, $uid);
return array(
@ -1880,7 +2046,7 @@ function make_clickable($text, $server_url = false)
$magic_url_replace[] = "'\$1<!-- w --><a href=\"http://\$2\" target=\"_blank\">' . ((strlen('\$2') > 55) ? substr(str_replace('&amp;', '&', '\$2'), 0, 39) . ' ... ' . substr(str_replace('&amp;', '&', '\$2'), -10) : '\$2') . '</a><!-- w -->'";
// matches an email@domain type address at the start of a line, or after a space or after what might be a BBCode.
$magic_url_match[] = '#(^|[\n ]|\()([a-z0-9&\-_.]+?@[\w\-]+\.(?:[\w\-\.]+\.)?[\w]+)#ie';
$magic_url_match[] = '/(^|[\n ]|\()(' . get_preg_expression('email') . ')/ie';
$magic_url_replace[] = "'\$1<!-- e --><a href=\"mailto:\$2\">' . ((strlen('\$2') > 55) ? substr('\$2', 0, 39) . ' ... ' . substr('\$2', -10) : '\$2') . '</a><!-- e -->'";
}
@ -1999,26 +2165,41 @@ function extension_allowed($forum_id, $extension, &$extensions)
// Little helpers
/**
* Little helper for the build_hidden_fields function
*/
function _build_hidden_fields($key, $value, $specialchar)
{
$hidden_fields = '';
if (!is_array($value))
{
$key = ($specialchar) ? htmlspecialchars($key) : $key;
$value = ($specialchar) ? htmlspecialchars($value) : $value;
$hidden_fields .= '<input type="hidden" name="' . $key . '" value="' . $value . '" />' . "\n";
}
else
{
foreach ($value as $_key => $_value)
{
$hidden_fields .= _build_hidden_fields($key . '[' . $_key . ']', $_value, $specialchar);
}
}
return $hidden_fields;
}
/**
* Build simple hidden fields from array
*/
function build_hidden_fields($field_ary)
function build_hidden_fields($field_ary, $specialchar = false)
{
$s_hidden_fields = '';
foreach ($field_ary as $name => $vars)
{
if (is_array($vars))
{
foreach ($vars as $key => $value)
{
$s_hidden_fields .= '<input type="hidden" name="' . $name . '[' . $key . ']" value="' . $value . '" />';
}
}
else
{
$s_hidden_fields .= '<input type="hidden" name="' . $name . '" value="' . $vars . '" />';
}
$s_hidden_fields .= _build_hidden_fields($name, $vars, $specialchar);
}
return $s_hidden_fields;
@ -2139,7 +2320,7 @@ function get_backtrace()
$output = '<div style="font-family: monospace;">';
$backtrace = debug_backtrace();
$path = realpath($phpbb_root_path);
$path = phpbb_realpath($phpbb_root_path);
foreach ($backtrace as $number => $trace)
{
@ -2184,6 +2365,58 @@ function get_backtrace()
return $output;
}
/**
* This function returns a regular expression pattern for commonly used expressions
* Use with / as delimiter
* mode can be: email|
*/
function get_preg_expression($mode)
{
switch ($mode)
{
case 'email':
return '[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+';
break;
}
return '';
}
/**
* Truncates string while retaining special characters if going over the max length
* The default max length is 60 at the moment
*/
function truncate_string($string, $max_length = 60)
{
$chars = array();
// split the multibyte characters first
$string_ary = preg_split('#(&\#[0-9]+;)#', $string, -1, PREG_SPLIT_DELIM_CAPTURE);
// Now go through the array and split the other characters
foreach ($string_ary as $key => $value)
{
if (strpos($value, '&#') === 0)
{
$chars[] = $value;
continue;
}
// decode html entities and put them back later
$_chars = str_split(html_entity_decode($value));
$chars = array_merge($chars, array_map('htmlspecialchars', $_chars));
}
// Now check the length ;)
if (sizeof($chars) <= $max_length)
{
return $string;
}
// Cut off the last elements from the array
return implode('', array_slice($chars, 0, $max_length));
}
// Handler, header and footer
/**
@ -2221,8 +2454,8 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
if (strpos($errfile, 'cache') === false && strpos($errfile, 'template.') === false)
{
// remove complete path to installation, with the risk of changing backslashes meant to be there
$errfile = str_replace(array(realpath($phpbb_root_path), '\\'), array('', '/'), $errfile);
$msg_text = str_replace(array(realpath($phpbb_root_path), '\\'), array('', '/'), $msg_text);
$errfile = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $errfile);
$msg_text = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $msg_text);
echo '<b>[phpBB Debug] PHP Notice</b>: in file <b>' . $errfile . '</b> on line <b>' . $errline . '</b>: <b>' . $msg_text . '</b><br />' . "\n";
}
@ -2232,15 +2465,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
case E_USER_ERROR:
if (isset($db))
{
$db->sql_close();
}
if (isset($cache))
{
$cache->unload();
}
garbage_collection();
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">';
echo '<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">';
@ -2390,7 +2615,15 @@ function page_header($page_title = '', $display_online_list = true)
if (!empty($_REQUEST['f']))
{
$f = request_var('f', 0);
$reading_sql = " AND s.session_page LIKE '%f=$f%'";
// Do not change this (it is defined as _f_={forum_id}x within session.php)
$reading_sql = " AND s.session_page LIKE '%\_f\_={$f}x%'";
// Specify escape character for MSSQL
if (SQL_LAYER == 'mssql' || SQL_LAYER == 'mssql_odbc')
{
$reading_sql .= " ESCAPE '\\'";
}
}
// Get number of online guests
@ -2463,7 +2696,7 @@ function page_header($page_title = '', $display_online_list = true)
if (!$online_userlist)
{
$online_userlist = $user->lang['NONE'];
$online_userlist = $user->lang['NO_ONLINE_USERS'];
}
if (empty($_REQUEST['f']))
@ -2616,7 +2849,9 @@ function page_header($page_title = '', $display_online_list = true)
'U_RESTORE_PERMISSIONS' => ($user->data['user_perm_from'] && $auth->acl_get('a_switchperm')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=restore_perm') : '',
'S_USER_LOGGED_IN' => ($user->data['user_id'] != ANONYMOUS) ? true : false,
'S_BOARD_DISABLED' => ($config['board_disable'] && !defined('IN_LOGIN') && $auth->acl_gets('a_', 'm_')) ? true : false,
'S_REGISTERED_USER' => $user->data['is_registered'],
'S_IS_BOT' => $user->data['is_bot'],
'S_USER_PM_POPUP' => $user->optionget('popuppm'),
'S_USER_LANG' => $user->data['user_lang'],
'S_USER_BROWSER' => (isset($user->data['session_browser'])) ? $user->data['session_browser'] : $user->lang['UNKNOWN_BROWSER'],
@ -2653,7 +2888,7 @@ function page_header($page_title = '', $display_online_list = true)
{
header('Content-type: text/html; charset=' . $user->lang['ENCODING']);
}
header('Cache-Control: private, no-cache="set-cookie", pre-check=0, post-check=0');
header('Cache-Control: private, no-cache="set-cookie"');
header('Expires: 0');
header('Pragma: no-cache');
@ -2726,7 +2961,6 @@ function page_footer()
else if (time() - $config['database_gc'] > $config['database_last_gc'])
{
// Tidy the database
// This includes recalculation binary trees, ...
$cron_type = 'tidy_database';
}
else if (time() - $config['search_gc'] > $config['search_last_gc'])
@ -2770,4 +3004,101 @@ function garbage_collection()
$db->sql_close();
}
/**
*/
class bitfield
{
var $data;
function bitfield($bitfield = '')
{
$this->data = base64_decode($bitfield);
}
/**
*/
function get($n)
{
// Get the ($n / 8)th char
$byte = $n >> 3;
if (!isset($this->data[$byte]))
{
// Of course, if it doesn't exist then the result if FALSE
return false;
}
$c = $this->data[$byte];
// Lookup the ($n % 8)th bit of the byte
$bit = 7 - ($n & 7);
return (bool) (ord($c) & (1 << $bit));
}
function set($n)
{
$byte = $n >> 3;
$bit = 7 - ($n & 7);
if (isset($this->data[$byte]))
{
$this->data[$byte] = $this->data[$byte] | chr(1 << $bit);
}
else
{
if ($byte - strlen($this->data) > 0)
{
$this->data .= str_repeat("\0", $byte - strlen($this->data));
}
$this->data .= chr(1 << $bit);
}
}
function clear($n)
{
$byte = $n >> 3;
if (!isset($this->data[$byte]))
{
return;
}
$bit = 7 - ($n & 7);
$this->data[$byte] = $this->data[$byte] &~ chr(1 << $bit);
}
function get_blob()
{
return $this->data;
}
function get_base64()
{
return base64_encode($this->data);
}
function get_bin()
{
$bin = '';
$len = strlen($this->data);
for ($i = 0; $i < $len; ++$i)
{
$bin .= str_pad(decbin(ord($this->data[$i])), 8, '0', STR_PAD_LEFT);
}
return $bin;
}
function get_all_set()
{
return array_keys(array_filter(str_split($this->get_bin())));
}
function merge($bitfield)
{
$this->data = $this->data | $bitfield->get_blob();
}
}
?>
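Review bot: The new `update_forum_tracking_info()` hands the client-supplied `_track` cookie straight to `unserialize()` (`$tracking_topics = ($tracking_topics) ? unserialize($tracking_topics) : array();`), and the same pattern sits in the cookie branches of `markread()` shown in this section, whose bodies start and end outside their hunks. A cookie is fully under the client's control, so native deserialization can instantiate any class loaded at that point, and on malformed input it returns `false`, which the following lines then index as an array. I would decode with a format that cannot create objects and reject anything that is not an array, e.g. `$tracking_topics = json_decode($tracking_topics, true);` followed by `if (!is_array($tracking_topics)) { $tracking_topics = array(); }`, with the code that writes the cookie (not visible here) changed to match; on PHP 7 and later, `unserialize($tracking_topics, array('allowed_classes' => false))` is the smaller change. Separately, `$forum_id` and `$mark_time_forum` are concatenated into both SELECTs of the new function without an `(int)` cast, which is safe only if every caller already casts them.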


@ -10,16 +10,10 @@
/**
* Recalculate Binary Tree
*/
function recalc_btree($sql_id, $sql_table, $module_class = '')
{
global $db;
/* Init table, id's, etc...
$sql_id = 'module_id'; // 'forum_id'
$sql_table = MODULES_TABLE; // FORUMS_TABLE
*/
if (!$sql_id || !$sql_table)
{
return;
@ -103,15 +97,16 @@ function recalc_btree($sql_id, $sql_table, $module_class = '')
}
$db->sql_freeresult($f_result);
}
*/
/**
* Simple version of jumpbox, just lists authed forums
*/
function make_forum_select($select_id = false, $ignore_id = false, $ignore_acl = false, $ignore_nonpost = false, $ignore_emptycat = true, $return_array = false)
function make_forum_select($select_id = false, $ignore_id = false, $ignore_acl = false, $ignore_nonpost = false, $ignore_emptycat = true, $only_acl_post = false, $return_array = false)
{
global $db, $user, $auth;
$acl = ($ignore_acl) ? '' : array('f_list', 'a_forum', 'a_forumadd', 'a_forumdel');
$acl = ($ignore_acl) ? '' : (($only_acl_post) ? 'f_post' : array('f_list', 'a_forum', 'a_forumadd', 'a_forumdel'));
// This query is identical to the jumpbox one
$sql = 'SELECT forum_id, parent_id, forum_name, forum_type, forum_status, left_id, right_id
@ -211,8 +206,8 @@ function group_select_options($group_id, $exclude_ids = false)
{
global $db, $user, $config;
$exclude_sql = ($exclude_ids !== false && sizeof($exclude_ids)) ? 'WHERE group_id NOT IN (' . implode(', ', array_map('intval', $exclude_ids)) . ')' : '';
$sql_and = ($config['coppa_hide_groups']) ? (($exclude_sql) ? ' AND ' : ' WHERE ') . "group_name NOT IN ('INACTIVE_COPPA', 'REGISTERED_COPPA')" : '';
$exclude_sql = ($exclude_ids !== false && sizeof($exclude_ids)) ? 'WHERE ' . $db->sql_in_set('group_id', array_map('intval', $exclude_ids), true) : '';
$sql_and = (!$config['coppa_enable']) ? (($exclude_sql) ? ' AND ' : ' WHERE ') . "group_name NOT IN ('INACTIVE_COPPA', 'REGISTERED_COPPA')" : '';
$sql = 'SELECT group_id, group_name, group_type
FROM ' . GROUPS_TABLE . "
@ -245,7 +240,7 @@ function get_forum_list($acl_list = 'f_list', $id_only = true, $postable_only =
// This query is identical to the jumpbox one
$expire_time = ($no_cache) ? 0 : 120;
$sql = 'SELECT forum_id, parent_id, forum_name, forum_type, left_id, right_id
$sql = 'SELECT forum_id, forum_name, parent_id, forum_type, left_id, right_id
FROM ' . FORUMS_TABLE . '
ORDER BY left_id ASC';
$result = $db->sql_query($sql, $expire_time);
@ -361,7 +356,7 @@ function filelist($rootdir, $dir = '', $type = 'gif|jpg|jpeg|png')
return $matches;
}
/*
/**
* Move topic(s)
*/
function move_topics($topic_ids, $forum_id, $auto_sync = true)
@ -381,7 +376,7 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
}
$sql = 'DELETE FROM ' . TOPICS_TABLE . '
WHERE topic_moved_id IN (' . implode(', ', $topic_ids) . ')
WHERE ' . $db->sql_in_set('topic_moved_id', $topic_ids) . '
AND forum_id = ' . $forum_id;
$db->sql_query($sql);
@ -389,7 +384,7 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
{
$sql = 'SELECT DISTINCT forum_id
FROM ' . TOPICS_TABLE . '
WHERE topic_id ' . $sql_where;
WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -404,7 +399,7 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
{
$sql = "UPDATE $table
SET forum_id = $forum_id
WHERE topic_id IN (" . implode(', ', $topic_ids) . ')';
WHERE " . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql);
}
unset($table_ary);
@ -433,7 +428,7 @@ function move_posts($post_ids, $topic_id, $auto_sync = true)
$sql = 'SELECT DISTINCT topic_id, forum_id
FROM ' . POSTS_TABLE . '
WHERE post_id IN (' . implode(', ', $post_ids) . ')';
WHERE ' . $db->sql_in_set('post_id', $post_ids);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -457,12 +452,12 @@ function move_posts($post_ids, $topic_id, $auto_sync = true)
$sql = 'UPDATE ' . POSTS_TABLE . '
SET forum_id = ' . $forum_row['forum_id'] . ", topic_id = $topic_id
WHERE post_id IN (" . implode(', ', $post_ids) . ')';
WHERE " . $db->sql_in_set('post_id', $post_ids);
$db->sql_query($sql);
$sql = 'UPDATE ' . ATTACHMENTS_TABLE . "
SET topic_id = $topic_id, in_message = 0
WHERE post_msg_id IN (" . implode(', ', $post_ids) . ')';
WHERE " . $db->sql_in_set('post_msg_id', $post_ids);
$db->sql_query($sql);
if ($auto_sync)
@ -470,6 +465,7 @@ function move_posts($post_ids, $topic_id, $auto_sync = true)
$forum_ids[] = $forum_row['forum_id'];
sync('topic_reported', 'topic_id', $topic_ids);
sync('topic_attachment', 'topic_id', $topic_ids);
sync('topic', 'topic_id', $topic_ids, true);
sync('forum', 'forum_id', $forum_ids, true);
}
@ -483,7 +479,7 @@ function move_posts($post_ids, $topic_id, $auto_sync = true)
*/
function delete_topics($where_type, $where_ids, $auto_sync = true)
{
global $db;
global $db, $config;
$forum_ids = $topic_ids = array();
@ -491,6 +487,10 @@ function delete_topics($where_type, $where_ids, $auto_sync = true)
{
$where_ids = array_unique($where_ids);
}
else
{
$where_ids = array($where_ids);
}
if (!sizeof($where_ids))
{
@ -498,12 +498,12 @@ function delete_topics($where_type, $where_ids, $auto_sync = true)
}
$return = array(
'posts' => delete_posts($where_type, $where_ids, false, false)
'posts' => delete_posts($where_type, $where_ids, false, true)
);
$sql = 'SELECT topic_id, forum_id
FROM ' . TOPICS_TABLE . "
WHERE $where_type " . ((!is_array($where_ids)) ? "= $where_ids" : 'IN (' . implode(', ', $where_ids) . ')');
FROM ' . TOPICS_TABLE . '
WHERE ' . $db->sql_in_set($where_type, $where_ids);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -520,8 +520,6 @@ function delete_topics($where_type, $where_ids, $auto_sync = true)
return $return;
}
$sql_where = ' IN (' . implode(', ', $topic_ids) . ')';
$db->sql_transaction('begin');
$table_ary = array(TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, POLL_VOTES_TABLE, POLL_OPTIONS_TABLE, TOPICS_WATCH_TABLE, TOPICS_TABLE);
@ -529,13 +527,13 @@ function delete_topics($where_type, $where_ids, $auto_sync = true)
foreach ($table_ary as $table)
{
$sql = "DELETE FROM $table
WHERE topic_id $sql_where";
WHERE " . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql);
}
unset($table_ary);
$sql = 'DELETE FROM ' . TOPICS_TABLE . '
WHERE topic_moved_id' . $sql_where;
WHERE ' . $db->sql_in_set('topic_moved_id', $topic_ids);
$db->sql_query($sql);
$db->sql_transaction('commit');
@ -546,6 +544,8 @@ function delete_topics($where_type, $where_ids, $auto_sync = true)
sync('topic_reported', $where_type, $where_ids);
}
set_config('num_topics', $config['num_topics'] - sizeof($return['topics']), true);
return $return;
}
@ -560,17 +560,21 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
{
$where_ids = array_unique($where_ids);
}
else
{
$where_ids = array($where_ids);
}
if (empty($where_ids))
if (!sizeof($where_ids))
{
return false;
}
$post_ids = $topic_ids = $forum_ids = array();
$post_ids = $topic_ids = $forum_ids = $post_counts = array();
$sql = 'SELECT post_id, poster_id, topic_id, forum_id
FROM ' . POSTS_TABLE . "
WHERE $where_type " . ((!is_array($where_ids)) ? '= ' . (int) $where_ids : 'IN (' . implode(', ', array_map('intval', $where_ids)) . ')');
$sql = 'SELECT post_id, poster_id, post_postcount, topic_id, forum_id
FROM ' . POSTS_TABLE . '
WHERE ' . $db->sql_in_set($where_type, array_map('intval', $where_ids));
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -579,6 +583,11 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
$poster_ids[] = $row['poster_id'];
$topic_ids[] = $row['topic_id'];
$forum_ids[] = $row['forum_id'];
if ($row['post_postcount'])
{
$post_counts[$row['poster_id']] = (!empty($post_counts[$row['poster_id']])) ? $post_counts[$row['poster_id']] + 1 : 1;
}
}
$db->sql_freeresult($result);
@ -587,8 +596,6 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
return false;
}
$sql_where = implode(', ', $post_ids);
$db->sql_transaction('begin');
$table_ary = array(POSTS_TABLE, REPORTS_TABLE);
@ -596,11 +603,23 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
foreach ($table_ary as $table)
{
$sql = "DELETE FROM $table
WHERE post_id IN ($sql_where)";
WHERE " . $db->sql_in_set('post_id', $post_ids);
$db->sql_query($sql);
}
unset($table_ary);
// Adjust users post counts
if (sizeof($post_counts))
{
foreach ($post_counts as $poster_id => $substract)
{
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_posts = user_posts - ' . $substract . '
WHERE user_id = ' . $poster_id;
$db->sql_query($sql);
}
}
// Remove the message from the search index
$search_type = basename($config['search_type']);
@ -619,7 +638,7 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
trigger_error($error);
}
$search->index_remove($post_ids, $poster_ids);
$search->index_remove($post_ids, $poster_ids, $forum_ids);
delete_attachments('post', $post_ids, false);
@ -638,6 +657,8 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
sync('forum', 'forum_id', $forum_ids, true);
}
set_config('num_posts', $config['num_posts'] - sizeof($post_ids), true);
return sizeof($post_ids);
}
@ -676,7 +697,7 @@ function delete_attachments($mode, $ids, $resync = true)
{
$sql = 'SELECT post_msg_id as post_id, topic_id, physical_filename, thumbnail, filesize
FROM ' . ATTACHMENTS_TABLE . '
WHERE ' . $sql_id . ' IN (' . implode(', ', $ids) . ')';
WHERE ' . $db->sql_in_set($sql_id, $ids);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -692,7 +713,7 @@ function delete_attachments($mode, $ids, $resync = true)
{
$sql = 'SELECT topic_id, physical_filename, thumbnail, filesize
FROM ' . ATTACHMENTS_TABLE . '
WHERE post_msg_id IN (' . implode(', ', $ids) . ')
WHERE ' . $db->sql_in_set('post_msg_id', $ids) . '
AND in_message = 0';
$result = $db->sql_query($sql);
@ -706,7 +727,7 @@ function delete_attachments($mode, $ids, $resync = true)
// Delete attachments
$sql = 'DELETE FROM ' . ATTACHMENTS_TABLE . '
WHERE ' . $sql_id . ' IN (' . implode(', ', $ids) . ')';
WHERE ' . $db->sql_in_set($sql_id, $ids);
$db->sql_query($sql);
$num_deleted = $db->sql_affectedrows();
@ -754,7 +775,7 @@ function delete_attachments($mode, $ids, $resync = true)
{
$sql = 'UPDATE ' . POSTS_TABLE . '
SET post_attachment = 0
WHERE post_id IN (' . implode(', ', $post_ids) . ')';
WHERE ' . $db->sql_in_set('post_id', $post_ids);
$db->sql_query($sql);
}
@ -764,7 +785,7 @@ function delete_attachments($mode, $ids, $resync = true)
$sql = 'SELECT post_msg_id
FROM ' . ATTACHMENTS_TABLE . '
WHERE post_msg_id IN (' . implode(', ', $post_ids) . ')
WHERE ' . $db->sql_in_set('post_msg_id', $post_ids) . '
AND in_message = 0';
$result = $db->sql_query($sql);
@ -780,7 +801,7 @@ function delete_attachments($mode, $ids, $resync = true)
{
$sql = 'UPDATE ' . POSTS_TABLE . '
SET post_attachment = 0
WHERE post_id IN (' . implode(', ', $unset_ids) . ')';
WHERE ' . $db->sql_in_set('post_id', $unset_ids);
$db->sql_query($sql);
}
@ -788,7 +809,7 @@ function delete_attachments($mode, $ids, $resync = true)
$sql = 'SELECT post_msg_id
FROM ' . ATTACHMENTS_TABLE . '
WHERE post_msg_id IN (' . implode(', ', $post_ids) . ')
WHERE ' . $db->sql_in_set('post_msg_id', $post_ids) . '
AND in_message = 1';
$result = $db->sql_query($sql);
@ -804,7 +825,7 @@ function delete_attachments($mode, $ids, $resync = true)
{
$sql = 'UPDATE ' . PRIVMSGS_TABLE . '
SET message_attachment = 0
WHERE msg_id IN (' . implode(', ', $unset_ids) . ')';
WHERE ' . $db->sql_in_set('msg_id', $unset_ids);
$db->sql_query($sql);
}
}
@ -817,7 +838,7 @@ function delete_attachments($mode, $ids, $resync = true)
{
$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_attachment = 0
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql);
}
@ -827,7 +848,7 @@ function delete_attachments($mode, $ids, $resync = true)
$sql = 'SELECT topic_id
FROM ' . ATTACHMENTS_TABLE . '
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -842,7 +863,7 @@ function delete_attachments($mode, $ids, $resync = true)
{
$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_attachment = 0
WHERE topic_id IN (' . implode(', ', $unset_ids) . ')';
WHERE ' . $db->sql_in_set('topic_id', $unset_ids);
$db->sql_query($sql);
}
}
@ -856,7 +877,7 @@ function delete_attachments($mode, $ids, $resync = true)
*/
function delete_topic_shadows($max_age, $forum_id = '', $auto_sync = true)
{
$where = (is_array($forum_id)) ? 'AND t.forum_id IN (' . implode(', ', array_map('intval', $forum_id)) . ')' : (($forum_id) ? 'AND t.forum_id = ' . (int) $forum_id : '');
$where = (is_array($forum_id)) ? 'AND ' . $db->sql_in_set('t.forum_id', array_map('intval', $forum_id)) : (($forum_id) ? 'AND t.forum_id = ' . (int) $forum_id : '');
switch (SQL_LAYER)
{
@ -888,7 +909,7 @@ function delete_topic_shadows($max_age, $forum_id = '', $auto_sync = true)
if (sizeof($topic_ids))
{
$sql = 'DELETE FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(',', $topic_ids) . ')';
WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql);
}
break;
@ -915,13 +936,13 @@ function update_posted_info(&$topic_ids)
// First of all, let us remove any posted information for these topics
$sql = 'DELETE FROM ' . TOPICS_POSTED_TABLE . '
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql);
// Now, let us collect the user/topic combos for rebuilding the information
$sql = 'SELECT poster_id, topic_id
FROM ' . POSTS_TABLE . '
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')
WHERE ' . $db->sql_in_set('topic_id', $topic_ids) . '
AND poster_id <> ' . ANONYMOUS . '
GROUP BY poster_id, topic_id';
$result = $db->sql_query($sql);
@ -1041,7 +1062,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
// Limit the topics/forums we are syncing, use specific topic/forum IDs.
// $where_type contains the field for the where clause (forum_id, topic_id)
$where_sql = 'WHERE ' . $mode{0} . ".$where_type IN (" . implode(', ', $where_ids) . ')';
$where_sql = 'WHERE ' . $db->sql_in_set($mode{0} . '.' . $where_type, $where_ids);
$where_sql_and = $where_sql . "\n\tAND";
}
}
@ -1053,7 +1074,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
}
// $where_type contains the field for the where clause (forum_id, topic_id)
$where_sql = 'WHERE ' . $mode{0} . ".$where_type IN (" . implode(', ', $where_ids) . ')';
$where_sql = 'WHERE ' . $db->sql_in_set($mode{0} . '.' . $where_type, $where_ids);
$where_sql_and = $where_sql . "\n\tAND";
}
@ -1091,7 +1112,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
}
$sql = 'DELETE FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', $topic_id_ary) . ')';
WHERE ' . $db->sql_in_set('topic_id', $topic_id_ary);
$db->sql_query($sql);
break;
@ -1130,7 +1151,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_approved = 1 - topic_approved
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql);
break;
}
@ -1157,7 +1178,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
$sql = 'SELECT DISTINCT(post_id)
FROM ' . REPORTS_TABLE . '
WHERE post_id IN (' . implode(', ', $post_ids) . ')
WHERE ' . $db->sql_in_set('post_id', $post_ids) . '
AND report_closed = 0';
$result = $db->sql_query($sql);
@ -1186,7 +1207,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
{
$sql = 'UPDATE ' . POSTS_TABLE . '
SET post_reported = 1 - post_reported
WHERE post_id IN (' . implode(', ', $post_ids) . ')';
WHERE ' . $db->sql_in_set('post_id', $post_ids);
$db->sql_query($sql);
}
break;
@ -1228,7 +1249,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
{
$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_reported = 1 - topic_reported
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql);
}
break;
@ -1254,7 +1275,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
$sql = 'SELECT DISTINCT(post_msg_id)
FROM ' . ATTACHMENTS_TABLE . '
WHERE post_msg_id IN (' . implode(', ', $post_ids) . ')
WHERE ' . $db->sql_in_set('post_msg_id', $post_ids) . '
AND in_message = 0';
$result = $db->sql_query($sql);
@ -1283,7 +1304,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
{
$sql = 'UPDATE ' . POSTS_TABLE . '
SET post_attachment = 1 - post_attachment
WHERE post_id IN (' . implode(', ', $post_ids) . ')';
WHERE ' . $db->sql_in_set('post_id', $post_ids);
$db->sql_query($sql);
}
break;
@ -1325,7 +1346,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
{
$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_attachment = 1 - topic_attachment
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql);
}
break;
@ -1360,10 +1381,15 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
}
$db->sql_freeresult($result);
if (!sizeof($forum_ids))
{
break;
}
// 2: Get topic counts for each forum
$sql = 'SELECT forum_id, topic_approved, COUNT(topic_id) AS forum_topics
FROM ' . TOPICS_TABLE . '
WHERE forum_id IN (' . implode(', ', $forum_ids) . ')
WHERE ' . $db->sql_in_set('forum_id', $forum_ids) . '
GROUP BY forum_id, topic_approved';
$result = $db->sql_query($sql);
@ -1382,7 +1408,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
// 3: Get post count and last_post_id for each forum
$sql = 'SELECT forum_id, COUNT(post_id) AS forum_posts, MAX(post_id) AS last_post_id
FROM ' . POSTS_TABLE . '
WHERE forum_id IN (' . implode(', ', $forum_ids) . ')
WHERE ' . $db->sql_in_set('forum_id', $forum_ids) . '
AND post_approved = 1
GROUP BY forum_id';
$result = $db->sql_query($sql);
@ -1403,7 +1429,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
{
$sql = 'SELECT p.post_id, p.poster_id, p.post_time, p.post_username, u.username
FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u
WHERE p.post_id IN (' . implode(', ', $post_ids) . ')
WHERE ' . $db->sql_in_set('p.post_id', $post_ids) . '
AND p.poster_id = u.user_id';
$result = $db->sql_query($sql);
@ -1469,15 +1495,21 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
break;
case 'topic':
$topic_data = $post_ids = $approved_unapproved_ids = $resync_forums = $delete_topics = $delete_posts = array();
$topic_data = $post_ids = $approved_unapproved_ids = $resync_forums = $delete_topics = $delete_posts = $moved_topics = array();
$sql = 'SELECT t.topic_id, t.forum_id, t.topic_approved, ' . (($sync_extra) ? 't.topic_attachment, t.topic_reported, ' : '') . 't.topic_poster, t.topic_time, t.topic_replies, t.topic_replies_real, t.topic_first_post_id, t.topic_first_poster_name, t.topic_last_post_id, t.topic_last_poster_id, t.topic_last_poster_name, t.topic_last_post_time
$sql = 'SELECT t.topic_id, t.forum_id, t.topic_moved_id, t.topic_approved, ' . (($sync_extra) ? 't.topic_attachment, t.topic_reported, ' : '') . 't.topic_poster, t.topic_time, t.topic_replies, t.topic_replies_real, t.topic_first_post_id, t.topic_first_poster_name, t.topic_last_post_id, t.topic_last_poster_id, t.topic_last_poster_name, t.topic_last_post_time
FROM ' . TOPICS_TABLE . " t
$where_sql";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
if ($row['topic_moved_id'])
{
$moved_topics[] = $row['topic_id'];
continue;
}
$topic_id = (int) $row['topic_id'];
$topic_data[$topic_id] = $row;
$topic_data[$topic_id]['replies_real'] = -1;
@ -1581,9 +1613,34 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
unset($delete_topics, $delete_topic_ids);
}
// Make sure shadow topics do link to existing topics
if (sizeof($moved_topics))
{
$delete_topics = array();
$sql = 'SELECT t1.topic_id, t1.topic_moved_id
FROM ' . TOPICS_TABLE . ' t1
LEFT JOIN ' . TOPICS_TABLE . ' t2 ON (t2.topic_id = t1.topic_moved_id)
WHERE ' . $db->sql_in_set('t1.topic_id', $moved_topics) . '
AND t2.topic_id IS NULL';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$delete_topics[] = $row['topic_id'];
}
$db->sql_freeresult($result);
if (sizeof($delete_topics))
{
delete_topics('topic_id', $delete_topics, false);
}
unset($delete_topics);
}
$sql = 'SELECT p.post_id, p.topic_id, p.post_approved, p.poster_id, p.post_username, p.post_time, u.username
FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u
WHERE p.post_id IN (' . implode(',', $post_ids) . ')
WHERE ' . $db->sql_in_set('p.post_id', $post_ids) . '
AND u.user_id = p.poster_id';
$result = $db->sql_query($sql);
@ -1617,7 +1674,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
{
$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_approved = 1 - topic_approved
WHERE topic_id IN (' . implode(', ', $approved_unapproved_ids) . ')';
WHERE ' . $db->sql_in_set('topic_id', $approved_unapproved_ids);
$db->sql_query($sql);
}
unset($approved_unapproved_ids);
@ -1704,9 +1761,18 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync
{
global $db;
$sql_forum = (is_array($forum_id)) ? ' IN (' . implode(', ', array_map('intval', $forum_id)) . ')' : ' = ' . (int) $forum_id;
if (!is_array($forum_id))
{
$forum_id = array($forum_id);
}
if (!sizeof($forum_id))
{
return;
}
$sql_and = '';
if (!($prune_flags & 4))
{
$sql_and .= ' AND topic_type <> ' . POST_ANNOUNCE;
@ -1728,8 +1794,8 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync
}
$sql = 'SELECT topic_id
FROM ' . TOPICS_TABLE . "
WHERE forum_id $sql_forum
FROM ' . TOPICS_TABLE . '
WHERE ' . $db->sql_in_set('forum_id', $forum_id) . "
AND poll_start = 0
$sql_and";
$result = $db->sql_query($sql);
@ -1744,8 +1810,8 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync
if ($prune_flags & 2)
{
$sql = 'SELECT topic_id
FROM ' . TOPICS_TABLE . "
WHERE forum_id $sql_forum
FROM ' . TOPICS_TABLE . '
WHERE ' . $db->sql_in_set('forum_id', $forum_id) . "
AND poll_start > 0
AND poll_last_vote < $prune_date
$sql_and";
@ -1879,7 +1945,7 @@ function cache_moderators()
// Clear table
$db->sql_query(((SQL_LAYER != 'sqlite') ? 'TRUNCATE TABLE ' : 'DELETE FROM ') . MODERATOR_CACHE_TABLE);
// We add moderators who have forum moderator permissions without an explicit ACL_NO setting
// We add moderators who have forum moderator permissions without an explicit ACL_NEVER setting
$hold_ary = $ug_id_ary = $sql_ary = array();
// Grab all users having moderative options...
@ -1909,12 +1975,13 @@ function cache_moderators()
),
'WHERE' => '(o.auth_option_id = a.auth_option_id OR o.auth_option_id = r.auth_option_id)
AND ((a.auth_setting = ' . ACL_NO . ' AND r.auth_setting IS NULL)
OR r.auth_setting = ' . ACL_NO . ')
AND ((a.auth_setting = ' . ACL_NEVER . ' AND r.auth_setting IS NULL)
OR r.auth_setting = ' . ACL_NEVER . ')
AND a.group_id = ug.group_id
AND ug.user_id IN (' . implode(', ', $ug_id_ary) . ")
AND ' . $db->sql_in_set('ug.user_id', $ug_id_ary) . "
AND ug.user_pending = 0
AND o.auth_option LIKE 'm\_%'",
AND o.auth_option LIKE 'm\_%'" .
((SQL_LAYER == 'mssql' || SQL_LAYER == 'mssql_odbc') ? " ESCAPE '\\'" : ''),
));
$result = $db->sql_query($sql);
@ -1932,7 +1999,7 @@ function cache_moderators()
// Get usernames...
$sql = 'SELECT user_id, username
FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', array_keys($hold_ary)) . ')';
WHERE ' . $db->sql_in_set('user_id', array_keys($hold_ary));
$result = $db->sql_query($sql);
$usernames_ary = array();
@ -1967,7 +2034,7 @@ function cache_moderators()
// Make sure not hidden or special groups are involved...
$sql = 'SELECT group_name, group_id, group_type
FROM ' . GROUPS_TABLE . '
WHERE group_id IN (' . implode(', ', $ug_id_ary) . ')';
WHERE ' . $db->sql_in_set('group_id', $ug_id_ary);
$result = $db->sql_query($sql);
$groupnames_ary = array();
@ -2060,7 +2127,7 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
}
else if (is_array($forum_id))
{
$sql_forum = 'AND l.forum_id IN (' . implode(', ', array_map('intval', $forum_id)) . ')';
$sql_forum = 'AND ' . $db->sql_in_set('l.forum_id', array_map('intval', $forum_id));
}
else
{
@ -2131,12 +2198,8 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
if (isset($user->lang[$row['log_operation']]))
{
foreach ($log_data_ary as $log_data)
{
$log_data = str_replace("\n", '<br />', censor_text($log_data));
$log[$i]['action'] = preg_replace('#%s#', $log_data, $log[$i]['action'], 1);
}
$log[$i]['action'] = vsprintf($log[$i]['action'], $log_data_ary);
$log[$i]['action'] = str_replace("\n", '<br />', censor_text($log[$i]['action']));
}
else
{
@ -2156,7 +2219,7 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
// although it's also used to determine if the topic still exists in the database
$sql = 'SELECT topic_id, forum_id
FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', array_map('intval', $topic_id_list)) . ')';
WHERE ' . $db->sql_in_set('topic_id', array_map('intval', $topic_id_list));
$result = $db->sql_query($sql);
$default_forum_id = 0;
@ -2454,9 +2517,8 @@ function tidy_warnings()
{
$db->sql_transaction('begin');
$sql_where = ' IN (' . implode(', ', $warning_list) . ')';
$sql = 'DELETE FROM ' . WARNINGS_TABLE . "
WHERE warning_id $sql_where";
$sql = 'DELETE FROM ' . WARNINGS_TABLE . '
WHERE ' . $db->sql_in_set('warning_id', $warning_list);
$db->sql_query($sql);
foreach ($user_list as $user_id => $value)
@ -2479,20 +2541,7 @@ function tidy_database()
{
global $db;
// Recalculate binary tree for forums
recalc_btree('forum_id', FORUMS_TABLE);
// Recalculate binary tree for modules
$sql = 'SELECT module_class
FROM ' . MODULES_TABLE . '
GROUP BY module_class';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
recalc_btree('module_id', MODULES_TABLE, $row['module_class']);
}
$db->sql_freeresult($result);
set_config('database_last_gc', time(), true);
}


@ -46,16 +46,16 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
// Display list of active topics for this category?
$show_active = (isset($root_data['forum_flags']) && $root_data['forum_flags'] & 16) ? true : false;
$sql_from = FORUMS_TABLE . ' f ';
$lastread_select = $sql_lastread = '';
if ($config['load_db_lastread'] && $user->data['is_registered'])
{
$sql_from = FORUMS_TABLE . ' f LEFT JOIN ' . FORUMS_TRACK_TABLE . ' ft ON (ft.user_id = ' . $user->data['user_id'] . ' AND ft.forum_id = f.forum_id)';
$lastread_select = ', ft.mark_time ';
}
else
else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{
$sql_from = FORUMS_TABLE . ' f ';
$lastread_select = $sql_lastread = '';
$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
$tracking_topics = ($tracking_topics) ? unserialize($tracking_topics) : array();
@ -116,7 +116,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
{
$forum_tracking_info[$forum_id] = (!empty($row['mark_time'])) ? $row['mark_time'] : $user->data['user_lastmark'];
}
else
else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{
if (!$user->data['is_registered'])
{
@ -156,7 +156,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
$parent_id = $forum_id;
$forum_rows[$forum_id] = $row;
if (!$row['parent_id'] && $row['forum_type'] == FORUM_CAT && $row['parent_id'] == $root_data['forum_id'])
if ($row['forum_type'] == FORUM_CAT && $row['parent_id'] == $root_data['forum_id'])
{
$branch_root_id = $forum_id;
}
@ -228,13 +228,13 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
foreach ($forum_rows as $row)
{
// Empty category
if (!$row['parent_id'] && $row['forum_type'] == FORUM_CAT)
if ($row['parent_id'] == $root_data['forum_id'] && $row['forum_type'] == FORUM_CAT)
{
$template->assign_block_vars('forumrow', array(
'S_IS_CAT' => true,
'FORUM_ID' => $row['forum_id'],
'FORUM_NAME' => $row['forum_name'],
'FORUM_DESC' => generate_text_for_display($row['forum_desc'], $row['forum_desc_uid'], $row['forum_desc_bitfield']),
'FORUM_DESC' => generate_text_for_display($row['forum_desc'], $row['forum_desc_uid'], $row['forum_desc_bitfield'], $row['forum_desc_options']),
'FORUM_FOLDER_IMG' => ($row['forum_image']) ? '<img src="' . $phpbb_root_path . $row['forum_image'] . '" alt="' . $user->lang['FORUM_CAT'] . '" />' : '',
'FORUM_FOLDER_IMG_SRC' => ($row['forum_image']) ? $phpbb_root_path . $row['forum_image'] : '',
'U_VIEWFORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']))
@ -273,14 +273,14 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
}
$l_subforums = (sizeof($subforums[$forum_id]) == 1) ? $user->lang['SUBFORUM'] . ': ' : $user->lang['SUBFORUMS'] . ': ';
$folder_image = ($forum_unread) ? 'sub_forum_new' : 'sub_forum';
$folder_image = ($forum_unread) ? 'forum_unread_subforum' : 'forum_read_subforum';
}
else
{
switch ($row['forum_type'])
{
case FORUM_POST:
$folder_image = ($forum_unread) ? 'forum_new' : 'forum';
$folder_image = ($forum_unread) ? 'forum_unread' : 'forum_read';
break;
case FORUM_LINK:
@ -292,7 +292,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
// Which folder should we display?
if ($row['forum_status'] == ITEM_LOCKED)
{
$folder_image = 'forum_locked';
$folder_image = ($forum_unread) ? 'forum_unread_locked' : 'forum_read_locked';
$folder_alt = 'FORUM_LOCKED';
}
else
@ -334,7 +334,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
'FORUM_ID' => $row['forum_id'],
'FORUM_NAME' => $row['forum_name'],
'FORUM_DESC' => generate_text_for_display($row['forum_desc'], $row['forum_desc_uid'], $row['forum_desc_bitfield']),
'FORUM_DESC' => generate_text_for_display($row['forum_desc'], $row['forum_desc_uid'], $row['forum_desc_bitfield'], $row['forum_desc_options']),
'TOPICS' => $row['forum_topics'],
$l_post_click_count => $post_click_count,
'FORUM_FOLDER_IMG' => ($row['forum_image']) ? '<img src="' . $phpbb_root_path . $row['forum_image'] . '" alt="' . $user->lang[$folder_alt] . '" />' : $user->img($folder_image, $folder_alt),
@ -358,7 +358,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
'U_MARK_FORUMS' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $root_data['forum_id'] . '&amp;mark=forums'),
'S_HAS_SUBFORUM' => ($visible_forums) ? true : false,
'L_SUBFORUM' => ($visible_forums == 1) ? $user->lang['SUBFORUM'] : $user->lang['SUBFORUMS'],
'LAST_POST_IMG' => $user->img('icon_post_latest', 'VIEW_LATEST_POST'))
'LAST_POST_IMG' => $user->img('icon_topic_latest', 'VIEW_LATEST_POST'))
);
if ($return_moderators)
@ -383,7 +383,7 @@ function generate_forum_rules(&$forum_data)
if ($forum_data['forum_rules'])
{
$forum_data['forum_rules'] = generate_text_for_display($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield']);
$forum_data['forum_rules'] = generate_text_for_display($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield'], $forum_data['forum_rules_options']);
}
$template->assign_vars(array(
@ -443,7 +443,7 @@ function generate_forum_nav(&$forum_data)
$template->assign_vars(array(
'FORUM_ID' => $forum_data['forum_id'],
'FORUM_NAME' => $forum_data['forum_name'],
'FORUM_DESC' => generate_text_for_display($forum_data['forum_desc'], $forum_data['forum_desc_uid'], $forum_data['forum_desc_bitfield']))
'FORUM_DESC' => generate_text_for_display($forum_data['forum_desc'], $forum_data['forum_desc_uid'], $forum_data['forum_desc_bitfield'], $forum_data['forum_desc_options']))
);
return;
@ -556,18 +556,22 @@ function get_moderators(&$forum_moderators, $forum_id = false)
return;
}
if ($forum_id !== false && is_array($forum_id))
$forum_sql = '';
if ($forum_id !== false)
{
if (!is_array($forum_id))
{
$forum_id = array($forum_id);
}
// If we don't have a forum then we can't have a moderator
if (!sizeof($forum_id))
{
return;
}
$forum_sql = 'AND forum_id IN (' . implode(', ', $forum_id) . ')';
}
else
{
$forum_sql = ($forum_id !== false) ? 'AND forum_id = ' . $forum_id : '';
$forum_sql = 'AND ' . $db->sql_in_set('forum_id', $forum_id);
}
$sql = 'SELECT *
@ -626,7 +630,7 @@ function topic_status(&$topic_row, $replies, $unread_topic, &$folder_img, &$fold
if ($topic_row['topic_status'] == ITEM_MOVED)
{
$topic_type = $user->lang['VIEW_TOPIC_MOVED'];
$folder_img = 'folder_moved';
$folder_img = 'topic_moved';
$folder_alt = 'VIEW_TOPIC_MOVED';
}
else
@ -634,28 +638,32 @@ function topic_status(&$topic_row, $replies, $unread_topic, &$folder_img, &$fold
switch ($topic_row['topic_type'])
{
case POST_GLOBAL:
$topic_type = $user->lang['VIEW_TOPIC_GLOBAL'];
$folder = 'global_read';
$folder_new = 'global_unread';
break;
case POST_ANNOUNCE:
$topic_type = $user->lang['VIEW_TOPIC_ANNOUNCEMENT'];
$folder = 'folder_announce';
$folder_new = 'folder_announce_new';
$folder = 'announce_read';
$folder_new = 'announce_unread';
break;
case POST_STICKY:
$topic_type = $user->lang['VIEW_TOPIC_STICKY'];
$folder = 'folder_sticky';
$folder_new = 'folder_sticky_new';
$folder = 'sticky_read';
$folder_new = 'sticky_unread';
break;
default:
if ($replies >= $config['hot_threshold'])
$topic_type = '';
$folder = 'topic_read';
$folder_new = 'topic_unread';
if ($config['hot_threshold'] && $replies >= $config['hot_threshold'])
{
$folder = 'folder_hot';
$folder_new = 'folder_hot_new';
}
else
{
$folder = 'folder';
$folder_new = 'folder_new';
$folder .= '_hot';
$folder_new .= '_hot';
}
break;
}
@ -663,17 +671,18 @@ function topic_status(&$topic_row, $replies, $unread_topic, &$folder_img, &$fold
if ($topic_row['topic_status'] == ITEM_LOCKED)
{
$topic_type = $user->lang['VIEW_TOPIC_LOCKED'];
$folder = 'folder_locked';
$folder_new = 'folder_locked_new';
$folder .= '_locked';
$folder_new .= '_locked';
}
$folder_img = ($unread_topic) ? $folder_new : $folder;
$folder_alt = ($unread_topic) ? 'NEW_POSTS' : (($topic_row['topic_status'] == ITEM_LOCKED) ? 'TOPIC_LOCKED' : 'NO_NEW_POSTS');
// Posted image?
if (!empty($topic_row['topic_posted']) && $topic_row['topic_posted'])
{
$folder_img .= '_posted';
$folder_img .= '_mine';
}
}
@ -719,9 +728,9 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
if (isset($extensions[$attachment['extension']]))
{
if ($user->img('icon_attach', '') && !$extensions[$attachment['extension']]['upload_icon'])
if ($user->img('icon_topic_attach', '') && !$extensions[$attachment['extension']]['upload_icon'])
{
$upload_icon = $user->img('icon_attach', '');
$upload_icon = $user->img('icon_topic_attach', '');
}
else if ($extensions[$attachment['extension']]['upload_icon'])
{
@ -733,7 +742,7 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
$size_lang = ($filesize >= 1048576) ? $user->lang['MB'] : ( ($filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
$filesize = ($filesize >= 1048576) ? round((round($filesize / 1048576 * 100) / 100), 2) : (($filesize >= 1024) ? round((round($filesize / 1024 * 100) / 100), 2) : $filesize);
$comment = str_replace("\n", '<br />', censor_text($attachment['comment']));
$comment = str_replace("\n", '<br />', censor_text($attachment['attach_comment']));
$block_array += array(
'UPLOAD_ICON' => $upload_icon,
@ -784,12 +793,13 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
}
}
$download_link = (!$force_physical && $attachment['attach_id']) ? append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id'] . '&amp;f=' . $forum_id) : $filename;
switch ($display_cat)
{
// Images
case ATTACHMENT_CATEGORY_IMAGE:
$l_downloaded_viewed = $user->lang['VIEWED'];
$download_link = $filename;
$block_array += array(
'S_IMAGE' => true,
@ -801,17 +811,24 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
// Images, but display Thumbnail
case ATTACHMENT_CATEGORY_THUMB:
$l_downloaded_viewed = $user->lang['VIEWED'];
$download_link = (!$force_physical && $attachment['attach_id']) ? append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id']) : $filename;
$thumbnail_link = (!$force_physical && $attachment['attach_id']) ? append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id'] . '&amp;t=1&amp;f=' . $forum_id) : $thumbnail_filename;
$block_array += array(
'S_THUMBNAIL' => true,
'THUMB_IMAGE' => $thumbnail_filename,
'THUMB_IMAGE' => $thumbnail_link,
);
break;
// Windows Media Streams
case ATTACHMENT_CATEGORY_WM:
$l_downloaded_viewed = $user->lang['VIEWED'];
// The download link is slightly different, because somehow phpBB is not able to get the correct results if called
// within the wmp object (cookies are not present).
// $download_link = (!$force_physical && $attachment['attach_id']) ? generate_board_url() . append_sid("/download.$phpEx", 'id=' . $attachment['attach_id'] . '&f=' . $forum_id, false, $user->session_id) : $filename;
// Giving the filename directly because within the wm object all variables are in local context making it impossible
// to validate against a valid session (all params can differ)
$download_link = $filename;
$block_array += array(
@ -825,7 +842,6 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
// Real Media Streams
case ATTACHMENT_CATEGORY_RM:
$l_downloaded_viewed = $user->lang['VIEWED'];
$download_link = $filename;
$block_array += array(
'S_RM_FILE' => true,
@ -856,7 +872,6 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
*/
default:
$l_downloaded_viewed = $user->lang['DOWNLOADED'];
$download_link = (!$force_physical && $attachment['attach_id']) ? append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id']) : $filename;
$block_array += array(
'S_FILE' => true,
@ -892,6 +907,40 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
return $return_tpl;
}
/**
* Assign/Build custom bbcodes for display in screens supporting using of bbcodes
* The custom bbcodes buttons will be placed within the template block 'custom_codes'
*/
function display_custom_bbcodes()
{
global $db, $template;
// Start counting from 22 for the bbcode ids (every bbcode takes two ids - opening/closing)
$num_predefined_bbcodes = 22;
/*
* @todo while adjusting custom bbcodes, think about caching this query as well as correct ordering
*/
$sql = 'SELECT bbcode_id, bbcode_tag, bbcode_helpline
FROM ' . BBCODES_TABLE . '
WHERE display_on_posting = 1';
$result = $db->sql_query($sql);
$i = 0;
while ($row = $db->sql_fetchrow($result))
{
$template->assign_block_vars('custom_tags', array(
'BBCODE_NAME' => "'[{$row['bbcode_tag']}]', '[/" . str_replace('=', '', $row['bbcode_tag']) . "]'",
'BBCODE_ID' => $num_predefined_bbcodes + ($i * 2),
'BBCODE_TAG' => $row['bbcode_tag'],
'BBCODE_HELPLINE' => $row['bbcode_helpline'])
);
$i++;
}
$db->sql_freeresult($result);
}
/**
* Display reasons
*/
@ -967,7 +1016,7 @@ function display_user_activity(&$userdata)
}
$forum_ary = array_unique($forum_ary);
$post_count_sql = (sizeof($forum_ary)) ? 'AND f.forum_id NOT IN (' . implode(', ', $forum_ary) . ')' : '';
$post_count_sql = (sizeof($forum_ary)) ? 'AND ' . $db->sql_in_set('f.forum_id', $forum_ary, true) : '';
// Firebird does not support ORDER BY on aliased columns
// MySQL does not support ORDER BY on functions
@ -1073,10 +1122,10 @@ function display_user_activity(&$userdata)
$template->assign_vars(array(
'ACTIVE_FORUM' => $active_f_name,
'ACTIVE_FORUM_POSTS' => ($active_f_count == 1) ? sprintf($user->lang['USER_POST'], 1) : sprintf($user->lang['USER_POSTS'], $active_f_count),
'ACTIVE_FORUM_PCT' => sprintf($user->lang['POST_PCT'], $active_f_pct),
'ACTIVE_FORUM_PCT' => sprintf($user->lang['POST_PCT_ACTIVE'], $active_f_pct),
'ACTIVE_TOPIC' => censor_text($active_t_name),
'ACTIVE_TOPIC_POSTS' => ($active_t_count == 1) ? sprintf($user->lang['USER_POST'], 1) : sprintf($user->lang['USER_POSTS'], $active_t_count),
'ACTIVE_TOPIC_PCT' => sprintf($user->lang['POST_PCT'], $active_t_pct),
'ACTIVE_TOPIC_PCT' => sprintf($user->lang['POST_PCT_ACTIVE'], $active_t_pct),
'U_ACTIVE_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $active_f_id),
'U_ACTIVE_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $active_t_id))
);
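Review bot: In the first hunk, in display_forums(), the rewritten `else if ($config['load_anon_lastread'] || $user->data['is_registered'])` branch still hands the `$config['cookie_name'] . '_track'` cookie straight to `unserialize()`. That cookie is client-controlled, so this deserialises untrusted input, and with anonymous tracking enabled the path is reachable without an account. I would decode it with a parser that can only yield arrays, integers and strings (where the minimum supported PHP version permits, `json_decode($tracking_topics, true)`), and add `if (!is_array($tracking_topics)) { $tracking_topics = array(); }` after it. The code that writes this cookie is outside the hunk and would have to change format together with the reader. Until then, a comment such as `// cookie value is client-controlled; do not trust the decoded structure` on that line would at least flag it for the next maintainer.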


@ -352,8 +352,8 @@ class messenger
$headers .= "Content-transfer-encoding: 8bit\n";
$headers .= "X-Priority: {$this->mail_priority}\n";
$headers .= 'X-MSMail-Priority: ' . (($this->mail_priority == MAIL_LOW_PRIORITY) ? 'Low' : (($this->mail_priority == MAIL_NORMAL_PRIORITY) ? 'Normal' : 'High')) . "\n";
$headers .= "X-Mailer: PhpBB\n";
$headers .= "X-MimeOLE: phpBB\n";
$headers .= "X-Mailer: PhpBB3\n";
$headers .= "X-MimeOLE: phpBB3\n";
$headers .= "X-phpBB-Origin: phpbb://" . str_replace(array('http://', 'https://'), array('', ''), generate_board_url()) . "\n";
$headers .= ($this->extra_headers != '') ? $this->extra_headers : '';
@ -363,7 +363,14 @@ class messenger
$mail_to = ($to == '') ? 'Undisclosed-Recipient:;' : $to;
$err_msg = '';
$result = ($config['smtp_delivery']) ? smtpmail($this->addresses, $this->subject, wordwrap($this->msg), $err_msg, $this->encoding, $headers) : @$config['email_function_name']($mail_to, $this->subject, implode("\n", preg_split("/\r?\n/", wordwrap($this->msg))), $headers);
if ($config['smtp_delivery'])
{
$result = smtpmail($this->addresses, $this->subject, wordwrap($this->msg), $err_msg, $this->encoding, $headers);
}
else
{
$result = @$config['email_function_name']($mail_to, $this->subject, implode("\n", preg_split("/\r?\n/", wordwrap($this->msg))), $headers);
}
if (!$result)
{
@ -808,8 +815,11 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $encoding, $headers
$smtp = new smtp_class;
$errno = 0;
$errstr = '';
// Ok we have error checked as much as we can to this point let's get on it already.
if (!$smtp->socket = fsockopen($config['smtp_host'], $config['smtp_port'], $errno, $errstr, 20))
if (!$smtp->socket = @fsockopen($config['smtp_host'], $config['smtp_port'], $errno, $errstr, 20))
{
$err_msg = (isset($user->lang['NO_CONNECT_TO_SMTP_HOST'])) ? sprintf($user->lang['NO_CONNECT_TO_SMTP_HOST'], $errno, $errstr) : "Could not connect to smtp host : $errno : $errstr";
return false;
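Review bot: The non-SMTP branch still invokes whatever function name is stored in `$config['email_function_name']` and silences it with `@`, so a mistyped or tampered config value either fails with no diagnostic or runs an unintended function with the recipient, subject and body as its arguments. I would check the value against the mail function(s) the board is meant to support before calling it, for example `if (!in_array($config['email_function_name'], array('mail'), true)) { $result = false; }` (the allowed names here are only an illustration), and drop the `@` so a failure reaches the error handler. Whether this config key can be written by anyone other than a board founder is not visible here. The enclosing method starts and ends outside the hunk.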


@ -20,8 +20,8 @@ class p_master
var $p_mode;
var $p_parent;
var $active_module = false;
var $acl_forum_id = false;
var $module_ary = array();
/**
@ -86,7 +86,7 @@ class p_master
}
// Category with no members, ignore
if (!$row['module_name'] && ($row['left_id'] + 1 == $row['right_id']))
if (!$row['module_basename'] && ($row['left_id'] + 1 == $row['right_id']))
{
unset($this->module_cache['modules'][$key]);
continue;
@ -135,7 +135,7 @@ class p_master
}
// Category with no members on their way down (we have to check every level)
if (!$row['module_name'])
if (!$row['module_basename'])
{
$empty_category = true;
@ -145,7 +145,7 @@ class p_master
if ($temp_row['left_id'] > $row['left_id'] && $temp_row['left_id'] < $row['right_id'])
{
// Module there
if ($temp_row['module_name'] && $temp_row['module_enabled'])
if ($temp_row['module_basename'] && $temp_row['module_enabled'])
{
$empty_category = false;
break;
@ -168,15 +168,15 @@ class p_master
// We need to prefix the functions to not create a naming conflict
// Function for building 'url_extra'
$url_func = '_module_' . $row['module_name'] . '_url';
$url_func = '_module_' . $row['module_basename'] . '_url';
// Function for building the language name
$lang_func = '_module_' . $row['module_name'] . '_lang';
$lang_func = '_module_' . $row['module_basename'] . '_lang';
// Custom function for calling parameters on module init (for example assigning template variables)
$custom_func = '_module_' . $row['module_name'];
$custom_func = '_module_' . $row['module_basename'];
$names[$row['module_name'] . '_' . $row['module_mode']][] = true;
$names[$row['module_basename'] . '_' . $row['module_mode']][] = true;
$module_row = array(
'depth' => $depth,
@ -185,15 +185,15 @@ class p_master
'parent' => (int) $row['parent_id'],
'cat' => ($row['right_id'] > $row['left_id'] + 1) ? true : false,
'is_duplicate' => ($row['module_name'] && sizeof($names[$row['module_name'] . '_' . $row['module_mode']]) > 1) ? true : false,
'is_duplicate' => ($row['module_basename'] && sizeof($names[$row['module_basename'] . '_' . $row['module_mode']]) > 1) ? true : false,
'name' => (string) $row['module_name'],
'name' => (string) $row['module_basename'],
'mode' => (string) $row['module_mode'],
'display' => (int) $row['module_display'],
'url_extra' => (function_exists($url_func)) ? $url_func($row['module_mode']) : '',
'lang' => ($row['module_name'] && function_exists($lang_func)) ? $lang_func($row['module_mode'], $row['module_langname']) : ((!empty($user->lang[$row['module_langname']])) ? $user->lang[$row['module_langname']] : $row['module_langname']),
'lang' => ($row['module_basename'] && function_exists($lang_func)) ? $lang_func($row['module_mode'], $row['module_langname']) : ((!empty($user->lang[$row['module_langname']])) ? $user->lang[$row['module_langname']] : $row['module_langname']),
'langname' => $row['module_langname'],
'left' => $row['left_id'],
@ -239,6 +239,7 @@ class p_master
function set_active($id = false, $mode = false)
{
$icat = false;
$this->active_module = false;
if (request_var('icat', ''))
{
@ -247,20 +248,20 @@ class p_master
}
$category = false;
foreach ($this->module_ary as $row_id => $itep_ary)
foreach ($this->module_ary as $row_id => $item_ary)
{
// If this is a module and it's selected, active
// If this is a category and the module is the first within it, active
// If this is a module and no mode selected, select first mode
// If no category or module selected, go active for first module in first category
if (
(($itep_ary['name'] === $id || $itep_ary['id'] === (int) $id) && (($itep_ary['mode'] == $mode && !$itep_ary['cat']) || ($icat && $itep_ary['cat']))) ||
($itep_ary['parent'] === $category && !$itep_ary['cat'] && !$icat) ||
(($itep_ary['name'] === $id || $itep_ary['id'] === (int) $id) && !$mode && !$itep_ary['cat']) ||
(!$id && !$mode && !$itep_ary['cat'])
(($item_ary['name'] === $id || $item_ary['id'] === (int) $id) && (($item_ary['mode'] == $mode && !$item_ary['cat']) || ($icat && $item_ary['cat']))) ||
($item_ary['parent'] === $category && !$item_ary['cat'] && !$icat) ||
(($item_ary['name'] === $id || $item_ary['id'] === (int) $id) && !$mode && !$item_ary['cat']) ||
(!$id && !$mode && !$item_ary['cat'])
)
{
if ($itep_ary['cat'])
if ($item_ary['cat'])
{
$id = $icat;
$icat = false;
@ -268,20 +269,21 @@ class p_master
continue;
}
$this->p_id = $itep_ary['id'];
$this->p_parent = $itep_ary['parent'];
$this->p_name = $itep_ary['name'];
$this->p_mode = $itep_ary['mode'];
$this->p_left = $itep_ary['left'];
$this->p_right = $itep_ary['right'];
$this->p_id = $item_ary['id'];
$this->p_parent = $item_ary['parent'];
$this->p_name = $item_ary['name'];
$this->p_mode = $item_ary['mode'];
$this->p_left = $item_ary['left'];
$this->p_right = $item_ary['right'];
$this->module_cache['parents'] = $this->module_cache['parents'][$this->p_id];
$this->active_module = $item_ary['id'];
break;
}
else if (($itep_ary['cat'] && $itep_ary['id'] === (int) $id) || ($itep_ary['parent'] === $category && $itep_ary['cat']))
else if (($item_ary['cat'] && $item_ary['id'] === (int) $id) || ($item_ary['parent'] === $category && $item_ary['cat']))
{
$category = $itep_ary['id'];
$category = $item_ary['id'];
}
}
}
@ -298,6 +300,11 @@ class p_master
$module_path = $phpbb_root_path . 'includes/' . $this->p_class;
$icat = request_var('icat', '');
if ($this->active_module === false)
{
trigger_error('Module not accessible', E_USER_ERROR);
}
if (!class_exists("{$this->p_class}_$this->p_name"))
{
if (!file_exists("$module_path/{$this->p_class}_$this->p_name.$phpEx"))
@ -464,10 +471,10 @@ class p_master
// 1) In a linear fashion
// 2) In a combined tabbed + linear fashion ... tabs for the categories
// and a linear list for subcategories/items
foreach ($this->module_ary as $row_id => $itep_ary)
foreach ($this->module_ary as $row_id => $item_ary)
{
// Skip hidden modules
if (!$itep_ary['display'])
if (!$item_ary['display'])
{
continue;
}
@ -475,7 +482,7 @@ class p_master
// Skip branch
if ($right_id !== false)
{
if ($itep_ary['left'] < $right_id)
if ($item_ary['left'] < $right_id)
{
continue;
}
@ -484,14 +491,14 @@ class p_master
}
// Category with no members on their way down (we have to check every level)
if (!$itep_ary['name'])
if (!$item_ary['name'])
{
$empty_category = true;
// We go through the branch and look for an activated module
foreach (array_slice($this->module_ary, $row_id + 1) as $temp_row)
{
if ($temp_row['left'] > $itep_ary['left'] && $temp_row['left'] < $itep_ary['right'])
if ($temp_row['left'] > $item_ary['left'] && $temp_row['left'] < $item_ary['right'])
{
// Module there and displayed?
if ($temp_row['name'] && $temp_row['display'])
@ -507,18 +514,18 @@ class p_master
// Skip the branch
if ($empty_category)
{
$right_id = $itep_ary['right'];
$right_id = $item_ary['right'];
continue;
}
}
// Select first id we can get
if (!$current_id && (in_array($itep_ary['id'], array_keys($this->module_cache['parents'])) || $itep_ary['id'] == $this->p_id))
if (!$current_id && (in_array($item_ary['id'], array_keys($this->module_cache['parents'])) || $item_ary['id'] == $this->p_id))
{
$current_id = $itep_ary['id'];
$current_id = $item_ary['id'];
}
$depth = $itep_ary['depth'];
$depth = $item_ary['depth'];
if ($depth > $current_depth)
{
@ -534,30 +541,30 @@ class p_master
}
}
$u_title = $module_url . $delim . 'i=' . (($itep_ary['cat']) ? $itep_ary['id'] : $itep_ary['name'] . (($itep_ary['is_duplicate']) ? '&amp;icat=' . $current_id : '') . '&amp;mode=' . $itep_ary['mode']);
$u_title .= (!$itep_ary['cat'] && isset($itep_ary['url_extra'])) ? $itep_ary['url_extra'] : '';
$u_title = $module_url . $delim . 'i=' . (($item_ary['cat']) ? $item_ary['id'] : $item_ary['name'] . (($item_ary['is_duplicate']) ? '&amp;icat=' . $current_id : '') . '&amp;mode=' . $item_ary['mode']);
$u_title .= (!$item_ary['cat'] && isset($item_ary['url_extra'])) ? $item_ary['url_extra'] : '';
// Only output a categories items if it's currently selected
if (!$depth || ($depth && (in_array($itep_ary['parent'], array_values($this->module_cache['parents'])) || $itep_ary['parent'] == $this->p_parent)))
if (!$depth || ($depth && (in_array($item_ary['parent'], array_values($this->module_cache['parents'])) || $item_ary['parent'] == $this->p_parent)))
{
$use_tabular_offset = (!$depth) ? 't_block1' : $tabular_offset;
$tpl_ary = array(
'L_TITLE' => $itep_ary['lang'],
'S_SELECTED' => (in_array($itep_ary['id'], array_keys($this->module_cache['parents'])) || $itep_ary['id'] == $this->p_id) ? true : false,
'L_TITLE' => $item_ary['lang'],
'S_SELECTED' => (in_array($item_ary['id'], array_keys($this->module_cache['parents'])) || $item_ary['id'] == $this->p_id) ? true : false,
'U_TITLE' => $u_title
);
$template->assign_block_vars($use_tabular_offset, array_merge($tpl_ary, array_change_key_case($itep_ary, CASE_UPPER)));
$template->assign_block_vars($use_tabular_offset, array_merge($tpl_ary, array_change_key_case($item_ary, CASE_UPPER)));
}
$tpl_ary = array(
'L_TITLE' => $itep_ary['lang'],
'S_SELECTED' => (in_array($itep_ary['id'], array_keys($this->module_cache['parents'])) || $itep_ary['id'] == $this->p_id) ? true : false,
'L_TITLE' => $item_ary['lang'],
'S_SELECTED' => (in_array($item_ary['id'], array_keys($this->module_cache['parents'])) || $item_ary['id'] == $this->p_id) ? true : false,
'U_TITLE' => $u_title
);
$template->assign_block_vars($linear_offset, array_merge($tpl_ary, array_change_key_case($itep_ary, CASE_UPPER)));
$template->assign_block_vars($linear_offset, array_merge($tpl_ary, array_change_key_case($item_ary, CASE_UPPER)));
$current_depth = $depth;
}
@ -594,6 +601,9 @@ class p_master
$this->p_class = $class;
$this->p_name = $name;
// Set active module to true instead of using the id
$this->active_module = true;
$this->load_active($mode);
}
@ -633,9 +643,9 @@ class p_master
*/
function set_display($id, $mode = false, $display = true)
{
foreach ($this->module_ary as $row_id => $itep_ary)
foreach ($this->module_ary as $row_id => $item_ary)
{
if (($itep_ary['name'] === $id || $itep_ary['id'] === (int) $id) && (!$mode || $itep_ary['mode'] === $mode))
if (($item_ary['name'] === $id || $item_ary['id'] === (int) $id) && (!$mode || $item_ary['mode'] === $mode))
{
$this->module_ary[$row_id]['display'] = (int) $display;
}
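Review bot: The assignment `$this->active_module = true;` in the hunk at -594 makes the new `if ($this->active_module === false)` guard (presumably in load_active(), which that hunk calls right after) pass unconditionally for modules loaded directly by class and name. On that path the 'Module not accessible' check therefore protects nothing. If that is intended, the comment should say who is responsible for authorisation, e.g. `// Direct load: skips the module_ary accessibility check in load_active(); callers must verify permissions themselves`. The function around that hunk starts outside the visible lines, so whether its callers already check permissions cannot be confirmed from here.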


@ -114,9 +114,9 @@ function update_post_information($type, $ids, $return_update_sql = false)
$update_sql = $empty_forums = array();
$sql = 'SELECT ' . $type . '_id, MAX(post_id) as last_post_id
FROM ' . POSTS_TABLE . "
FROM ' . POSTS_TABLE . '
WHERE post_approved = 1
AND {$type}_id IN (" . implode(', ', $ids) . ")
AND ' . $db->sql_in_set($type . '_id', $ids) . "
GROUP BY {$type}_id";
$result = $db->sql_query($sql);
@ -150,7 +150,7 @@ function update_post_information($type, $ids, $return_update_sql = false)
$sql = 'SELECT p.' . $type . '_id, p.post_id, p.post_time, p.poster_id, p.post_username, u.user_id, u.username
FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u
WHERE p.poster_id = u.user_id
AND p.post_id IN (' . implode(', ', $last_post_ids) . ')';
AND ' . $db->sql_in_set('p.post_id', $last_post_ids);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -339,9 +339,18 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
$file->upload->set_allowed_dimensions(0, 0, $config['img_max_width'], $config['img_max_height']);
}
// Admins and mods are allowed to exceed the allowed filesize
if (!$auth->acl_get('a_') && !$auth->acl_get('m_', $forum_id))
{
$allowed_filesize = ($extensions[$file->get('extension')]['max_filesize'] != 0) ? $extensions[$file->get('extension')]['max_filesize'] : (($is_message) ? $config['max_filesize_pm'] : $config['max_filesize']);
if (!empty($extensions[$file->get('extension')]['max_filesize']))
{
$allowed_filesize = $extensions[$file->get('extension')]['max_filesize'];
}
else
{
$allowed_filesize = ($is_message) ? $config['max_filesize_pm'] : $config['max_filesize'];
}
$file->upload->set_max_filesize($allowed_filesize);
}
@ -521,9 +530,10 @@ function create_thumbnail($source, $destination, $mimetype)
$used_imagick = false;
if ($config['img_imagick'])
// Only use imagemagick if defined and the passthru function not disabled
if ($config['img_imagick'] && function_exists('passthru'))
{
passthru($config['img_imagick'] . 'convert' . ((defined('PHP_OS') && preg_match('#win#i', PHP_OS)) ? '.exe' : '') . ' -quality 85 -antialias -sample ' . $new_width . 'x' . $new_height . ' "' . str_replace('\\', '/', $source) . '" +profile "*" "' . str_replace('\\', '/', $destination) . '"');
passthru(escapeshellcmd($config['img_imagick']) . 'convert' . ((defined('PHP_OS') && preg_match('#^win#i', PHP_OS)) ? '.exe' : '') . ' -quality 85 -antialias -sample ' . $new_width . 'x' . $new_height . ' "' . str_replace('\\', '/', $source) . '" +profile "*" "' . str_replace('\\', '/', $destination) . '"');
if (file_exists($destination))
{
$used_imagick = true;
@ -572,6 +582,12 @@ function create_thumbnail($source, $destination, $mimetype)
imagecopyresampled($new_image, $image, 0, 0, 0, 0, $new_width, $new_height, $width, $height);
}
// If we are in safe mode create the destination file prior to using the gd functions to circumvent a PHP bug
if (@ini_get('safe_mode') || @strtolower(ini_get('safe_mode')) == 'on')
{
@touch($destination);
}
switch ($type['format'])
{
case IMG_GIF:
@ -666,7 +682,7 @@ function posting_gen_attachment_entry(&$attachment_data, &$filename_data)
$template->assign_block_vars('attach_row', array(
'FILENAME' => basename($attach_row['real_filename']),
'ATTACH_FILENAME' => basename($attach_row['physical_filename']),
'FILE_COMMENT' => $attach_row['comment'],
'FILE_COMMENT' => $attach_row['attach_comment'],
'ATTACH_ID' => $attach_row['attach_id'],
'ASSOC_INDEX' => $count,
@ -741,7 +757,7 @@ function load_drafts($topic_id = 0, $forum_id = 0, $id = 0)
{
$sql = 'SELECT topic_id, forum_id, topic_title
FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(',', array_unique($topic_ids)) . ')';
WHERE ' . $db->sql_in_set('topic_id', array_unique($topic_ids));
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -822,11 +838,11 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
return false;
}
$bbcode_bitfield = 0;
$bbcode_bitfield = '';
do
{
$rowset[] = $row;
$bbcode_bitfield |= $row['bbcode_bitfield'];
$bbcode_bitfield = $bbcode_bitfield | base64_decode($row['bbcode_bitfield']);
}
while ($row = $db->sql_fetchrow($result));
$db->sql_freeresult($result);
@ -876,7 +892,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
$template->assign_block_vars($mode . '_row', array(
'POSTER_NAME' => $poster,
'POST_SUBJECT' => $post_subject,
'MINI_POST_IMG' => $user->img('icon_post', $user->lang['POST']),
'MINI_POST_IMG' => $user->img('icon_post_target', $user->lang['POST']),
'POST_DATE' => $user->format_date($row['post_time']),
'MESSAGE' => str_replace("\n", '<br />', $message),
'DECODED_MESSAGE' => $decoded_message,
@ -891,7 +907,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
if ($mode == 'topic_review')
{
$template->assign_var('QUOTE_IMG', $user->img('btn_quote', $user->lang['REPLY_WITH_QUOTE']));
$template->assign_var('QUOTE_IMG', $user->img('icon_post_quote', $user->lang['REPLY_WITH_QUOTE']));
}
return true;
@ -1093,7 +1109,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
$sql = 'UPDATE ' . TOPICS_WATCH_TABLE . "
SET notify_status = 1
WHERE topic_id = $topic_id
AND user_id IN (" . implode(', ', $update_notification['topic']) . ")";
AND " . $db->sql_in_set('user_id', $update_notification['topic']);
$db->sql_query($sql);
}
@ -1102,7 +1118,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
$sql = 'UPDATE ' . FORUMS_WATCH_TABLE . "
SET notify_status = 1
WHERE forum_id = $forum_id
AND user_id IN (" . implode(', ', $update_notification['forum']) . ")";
AND " . $db->sql_in_set('user_id', $update_notification['forum']);
$db->sql_query($sql);
}
@ -1111,7 +1127,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
{
$sql = 'DELETE FROM ' . TOPICS_WATCH_TABLE . "
WHERE topic_id = $topic_id
AND user_id IN (" . implode(', ', $delete_ids['topic']) . ")";
AND " . $db->sql_in_set('user_id', $delete_ids['topic']);
$db->sql_query($sql);
}
@ -1119,7 +1135,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
{
$sql = 'DELETE FROM ' . FORUMS_WATCH_TABLE . "
WHERE forum_id = $forum_id
AND user_id IN (" . implode(', ', $delete_ids['forum']) . ")";
AND " . $db->sql_in_set('user_id', $delete_ids['forum']);
$db->sql_query($sql);
}
@ -1165,7 +1181,6 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
{
case 'delete_topic':
delete_topics('topic_id', array($topic_id), false);
set_config('num_topics', $config['num_topics'] - 1, true);
if ($data['topic_type'] != POST_GLOBAL)
{
@ -1258,8 +1273,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
break;
}
$sql_data[USERS_TABLE] = ($auth->acl_get('f_postcount', $forum_id)) ? 'user_posts = user_posts - 1' : '';
set_config('num_posts', $config['num_posts'] - 1, true);
// $sql_data[USERS_TABLE] = ($data['post_postcount']) ? 'user_posts = user_posts - 1' : '';
$db->sql_transaction('begin');
@ -1338,6 +1352,11 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
$post_mode = ($data['topic_first_post_id'] == $data['topic_last_post_id']) ? 'edit_topic' : (($data['topic_first_post_id'] == $data['post_id']) ? 'edit_first_post' : (($data['topic_last_post_id'] == $data['post_id']) ? 'edit_last_post' : 'edit'));
}
// First of all make sure the subject and topic title are having the correct length.
// To achive this without cutting off between special chars we convert to an array and then count the elements.
$subject = truncate_string($subject);
$data['topic_title'] = truncate_string($data['topic_title']);
// Collect some basic informations about which tables and which rows to update/insert
$sql_data = array();
$poster_id = ($mode == 'edit') ? $data['poster_id'] : (int) $user->data['user_id'];
@ -1366,6 +1385,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
'post_attachment' => (isset($data['filename_data']['physical_filename']) && sizeof($data['filename_data'])) ? 1 : 0,
'bbcode_bitfield' => $data['bbcode_bitfield'],
'bbcode_uid' => $data['bbcode_uid'],
'post_postcount' => ($auth->acl_get('f_postcount', $data['forum_id'])) ? 1 : 0,
'post_edit_locked' => $data['post_edit_locked']
);
break;
@ -1529,8 +1549,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
);
}
$sql = 'INSERT INTO ' . POSTS_TABLE . ' ' .
$db->sql_build_array('INSERT', $sql_data[POSTS_TABLE]['sql']);
$sql = 'INSERT INTO ' . POSTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_data[POSTS_TABLE]['sql']);
$db->sql_query($sql);
$data['post_id'] = $db->sql_nextid();
@ -1695,7 +1714,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
{
// update entry in db if attachment already stored in db and filespace
$sql = 'UPDATE ' . ATTACHMENTS_TABLE . "
SET comment = '" . $db->sql_escape($attach_row['comment']) . "'
SET attach_comment = '" . $db->sql_escape($attach_row['attach_comment']) . "'
WHERE attach_id = " . (int) $attach_row['attach_id'];
$db->sql_query($sql);
}
@ -1714,7 +1733,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
'poster_id' => $poster_id,
'physical_filename' => basename($attach_row['physical_filename']),
'real_filename' => basename($attach_row['real_filename']),
'comment' => $attach_row['comment'],
'attach_comment' => $attach_row['attach_comment'],
'extension' => $attach_row['extension'],
'mimetype' => $attach_row['mimetype'],
'filesize' => $attach_row['filesize'],
@ -1843,7 +1862,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
trigger_error($error);
}
$search->index($mode, $data['post_id'], $data['message'], $subject, $poster_id);
$search->index($mode, $data['post_id'], $data['message'], $subject, $user->lang['ENCODING'], $poster_id, ($topic_type == POST_GLOBAL) ? 0 : $data['forum_id']);
}
$db->sql_transaction('commit');
@ -1886,6 +1905,35 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
// We do not use post_time here, this is intended (post_time can have a date in the past if editing a message)
markread('topic', $data['forum_id'], $data['topic_id'], time());
//
if ($config['load_db_lastread'] && $user->data['is_registered'])
{
$sql = 'SELECT mark_time
FROM ' . FORUMS_TRACK_TABLE . '
WHERE user_id = ' . $user->data['user_id'] . '
AND forum_id = ' . $data['forum_id'];
$result = $db->sql_query($sql);
$f_mark_time = (int) $db->sql_fetchfield('mark_time');
$db->sql_freeresult($result);
}
else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{
$f_mark_time = false;
}
if ($config['load_db_lastread'] || $config['load_anon_lastread'] || $user->data['is_registered'])
{
// Update forum info
$sql = 'SELECT forum_last_post_time
FROM ' . FORUMS_TABLE . '
WHERE forum_id = ' . $data['forum_id'];
$result = $db->sql_query($sql);
$forum_last_post_time = (int) $db->sql_fetchfield('forum_last_post_time');
$db->sql_freeresult($result);
update_forum_tracking_info($data['forum_id'], $forum_last_post_time, $f_mark_time, false);
}
// Send Notifications
if ($mode != 'edit' && $mode != 'delete' && ($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])))
{
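Review bot: In create_thumbnail() the added `escapeshellcmd()` covers only the configured ImageMagick path, while `$source` and `$destination` are still wrapped in hand-written double quotes inside the `passthru()` command string. Inside double quotes a shell still interprets `$`, backticks and an embedded `"`, so the quoting does not neutralise those characters. Both paths should go through `escapeshellarg()` instead, e.g. `' ' . escapeshellarg(str_replace('\\', '/', $source)) . ' +profile "*" ' . escapeshellarg(str_replace('\\', '/', $destination))`. Whether either path can contain user-chosen characters is not visible in this hunk, so treat this as defence in depth if the names are always server-generated. The function body continues outside the hunk.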


@ -86,8 +86,8 @@ $global_privmsgs_rules = array(
),
CHECK_STATUS => array(
RULE_ANSWERED => array('check0' => 'replied', 'function' => '{CHECK0} == 1'),
RULE_FORWARDED => array('check0' => 'forwarded', 'function' => '{CHECK0} == 1'),
RULE_ANSWERED => array('check0' => 'pm_replied', 'function' => '{CHECK0} == 1'),
RULE_FORWARDED => array('check0' => 'pm_forwarded', 'function' => '{CHECK0} == 1'),
),
CHECK_TO => array(
@ -121,7 +121,7 @@ function get_folder($user_id, $folder_id = false)
$folder = array();
// Get folder informations
$sql = 'SELECT folder_id, COUNT(msg_id) as num_messages, SUM(unread) as num_unread
$sql = 'SELECT folder_id, COUNT(msg_id) as num_messages, SUM(pm_unread) as num_unread
FROM ' . PRIVMSGS_TO_TABLE . "
WHERE user_id = $user_id
AND folder_id <> " . PRIVMSGS_NO_BOX . '
@ -262,7 +262,7 @@ function check_rule(&$rules, &$rule_row, &$message_row, $user_id)
// Replace Rule Literals
$evaluate = preg_replace('/{(STRING|USER_ID|GROUP_ID)}/', '$rule_row["rule_" . strtolower("\1")]', $evaluate);
// Eval Statement
// Evil Statement
$result = false;
eval('$result = (' . $evaluate . ') ? true : false;');
@ -280,7 +280,7 @@ function check_rule(&$rules, &$rule_row, &$message_row, $user_id)
case ACTION_MARK_AS_READ:
case ACTION_MARK_AS_IMPORTANT:
case ACTION_DELETE_MESSAGE:
return array('action' => $rule_row['rule_action'], 'unread' => $message_row['unread'], 'marked' => $message_row['marked']);
return array('action' => $rule_row['rule_action'], 'pm_unread' => $message_row['pm_unread'], 'pm_marked' => $message_row['pm_marked']);
break;
default:
@ -387,7 +387,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
{
$sql = 'SELECT *
FROM ' . USER_GROUP_TABLE . '
WHERE user_id IN (' . implode(', ', $user_ids) . ')
WHERE ' . $db->sql_in_set('user_id', $user_ids) . '
AND user_pending = 0';
$result = $db->sql_query($sql);
@ -447,18 +447,24 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
switch ($rule_ary['action'])
{
case ACTION_PLACE_INTO_FOLDER:
// Folder actions have precedence, so we will remove any other ones
$folder_action = true;
$_folder_id = (int) $rule_ary['folder_id'];
$move_into_folder = array();
$move_into_folder[$_folder_id][] = $msg_id;
$num_new++;
break;
case ACTION_MARK_AS_READ:
if ($rule_ary['unread'])
if ($rule_ary['pm_unread'])
{
$unread_ids[] = $msg_id;
}
$move_into_folder[PRIVMSGS_INBOX][] = $msg_id;
if (!$folder_action)
{
$move_into_folder[PRIVMSGS_INBOX][] = $msg_id;
}
break;
case ACTION_DELETE_MESSAGE:
@ -466,11 +472,15 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
break;
case ACTION_MARK_AS_IMPORTANT:
if (!$rule_ary['marked'])
if (!$rule_ary['pm_marked'])
{
$important_ids[] = $msg_id;
}
$move_into_folder[PRIVMSGS_INBOX][] = $msg_id;
if (!$folder_action)
{
$move_into_folder[PRIVMSGS_INBOX][] = $msg_id;
}
break;
}
}
@ -495,8 +505,8 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
if (sizeof($unread_ids))
{
$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
SET unread = 0
WHERE msg_id IN (' . implode(', ', $unread_ids) . ")
SET pm_unread = 0
WHERE ' . $db->sql_in_set('msg_id', $unread_ids) . "
AND user_id = $user_id
AND folder_id = " . PRIVMSGS_NO_BOX;
$db->sql_query($sql);
@ -506,10 +516,10 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
if (sizeof($important_ids))
{
$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
SET marked = !marked
SET pm_marked = !pm_marked
WHERE folder_id = ' . PRIVMSGS_NO_BOX . "
AND user_id = $user_id
AND msg_id IN (" . implode(', ', $important_ids) . ')';
AND " . $db->sql_in_set('msg_id', $important_ids);
$db->sql_query($sql);
}
@ -521,9 +531,15 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
// Determine Full Folder Action - we need the move to folder id later eventually
$full_folder_action = ($user->data['user_full_folder'] == FULL_FOLDER_NONE) ? ($config['full_folder_action'] - (FULL_FOLDER_NONE*(-1))) : $user->data['user_full_folder'];
$sql_folder = array_keys($move_into_folder);
if ($full_folder_action >= 0)
{
$sql_folder[] = $full_folder_action;
}
$sql = 'SELECT folder_id, pm_count
FROM ' . PRIVMSGS_FOLDER_TABLE . '
WHERE folder_id IN (' . implode(', ', array_keys($move_into_folder)) . (($full_folder_action >= 0) ? ', ' . $full_folder_action : '') . ")
WHERE ' . $db->sql_in_set('folder_id', $sql_folder) . "
AND user_id = $user_id";
$result = $db->sql_query($sql);
@ -533,6 +549,8 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
}
$db->sql_freeresult($result);
unset($sql_folder);
if (in_array(PRIVMSGS_INBOX, array_keys($move_into_folder)))
{
$sql = 'SELECT folder_id, COUNT(msg_id) as num_messages
@ -586,6 +604,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
$delete_ids[] = $row['msg_id'];
}
$db->sql_freeresult($result);
delete_pm($user_id, $delete_ids, $dest_folder);
}
}
@ -594,21 +613,22 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
if ($full_folder_action == FULL_FOLDER_HOLD)
{
$num_not_moved += sizeof($msg_ary);
$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
SET folder_id = ' . PRIVMSGS_HOLD_BOX . '
WHERE folder_id = ' . PRIVMSGS_NO_BOX . "
AND user_id = $user_id
AND msg_id IN (" . implode(', ', $msg_ary) . ')';
AND " . $db->sql_in_set('msg_id', $msg_ary);
$db->sql_query($sql);
}
else
{
$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . "
SET folder_id = $dest_folder, new = 0
SET folder_id = $dest_folder, pm_new = 0
WHERE folder_id = " . PRIVMSGS_NO_BOX . "
AND user_id = $user_id
AND new = 1
AND msg_id IN (" . implode(', ', $msg_ary) . ')';
AND pm_new = 1
AND " . $db->sql_in_set('msg_id', $msg_ary);
$db->sql_query($sql);
if ($dest_folder != PRIVMSGS_INBOX)
@ -633,7 +653,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
SET folder_id = ' . PRIVMSGS_SENTBOX . '
WHERE folder_id = ' . PRIVMSGS_OUTBOX . '
AND msg_id IN (' . implode(', ', array_keys($action_ary)) . ')';
AND ' . $db->sql_in_set('msg_id', array_keys($action_ary));
$db->sql_query($sql);
}
@ -718,7 +738,7 @@ function move_pm($user_id, $message_limit, $move_msg_ids, $dest_folder, $cur_fol
SET folder_id = $dest_folder
WHERE folder_id = $cur_folder_id
AND user_id = $user_id
AND msg_id IN (" . implode(', ', $move_msg_ids) . ')';
AND " . $db->sql_in_set('msg_id', $move_msg_ids);
$db->sql_query($sql);
$num_moved = $db->sql_affectedrows();
@ -761,7 +781,7 @@ function update_unread_status($unread, $msg_id, $user_id, $folder_id)
global $db;
$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . "
SET unread = 0
SET pm_unread = 0
WHERE msg_id = $msg_id
AND user_id = $user_id
AND folder_id = $folder_id";
@ -794,10 +814,10 @@ function handle_mark_actions($user_id, $mark_action)
case 'mark_important':
$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . "
SET marked = !marked
SET pm_marked = !pm_marked
WHERE folder_id = $cur_folder_id
AND user_id = $user_id
AND msg_id IN (" . implode(', ', $msg_ids) . ')';
AND " . $db->sql_in_set('msg_id', $msg_ids);
$db->sql_query($sql);
break;
@ -865,9 +885,9 @@ function delete_pm($user_id, $msg_ids, $folder_id)
}
// Get PM Informations for later deleting
$sql = 'SELECT msg_id, unread, new
$sql = 'SELECT msg_id, pm_unread, pm_new
FROM ' . PRIVMSGS_TO_TABLE . '
WHERE msg_id IN (' . implode(', ', array_map('intval', $msg_ids)) . ")
WHERE ' . $db->sql_in_set('msg_id', array_map('intval', $msg_ids)) . "
AND folder_id = $folder_id
AND user_id = $user_id";
$result = $db->sql_query($sql);
@ -876,8 +896,8 @@ function delete_pm($user_id, $msg_ids, $folder_id)
$num_unread = $num_new = $num_deleted = 0;
while ($row = $db->sql_fetchrow($result))
{
$num_unread += (int) $row['unread'];
$num_new += (int) $row['new'];
$num_unread += (int) $row['pm_unread'];
$num_new += (int) $row['pm_new'];
$delete_rows[$row['msg_id']] = 1;
}
@ -896,19 +916,19 @@ function delete_pm($user_id, $msg_ids, $folder_id)
// Remove PM from Outbox
$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . "
WHERE user_id = $user_id AND folder_id = " . PRIVMSGS_OUTBOX . '
AND msg_id IN (' . implode(', ', array_keys($delete_rows)) . ')';
AND ' . $db->sql_in_set('msg_id', array_keys($delete_rows));
$db->sql_query($sql);
// Update PM Information for safety
$sql = 'UPDATE ' . PRIVMSGS_TABLE . " SET message_text = ''
WHERE msg_id IN (" . implode(', ', array_keys($delete_rows)) . ')';
WHERE " . $db->sql_in_set('msg_id', array_keys($delete_rows));
$db->sql_query($sql);
// Set delete flag for those intended to receive the PM
// We do not remove the message actually, to retain some basic informations (sent time for example)
$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
SET deleted = 1
WHERE msg_id IN (' . implode(', ', array_keys($delete_rows)) . ')';
SET pm_deleted = 1
WHERE ' . $db->sql_in_set('msg_id', array_keys($delete_rows));
$db->sql_query($sql);
$num_deleted = $db->sql_affectedrows();
@ -919,7 +939,7 @@ function delete_pm($user_id, $msg_ids, $folder_id)
$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . "
WHERE user_id = $user_id
AND folder_id = $folder_id
AND msg_id IN (" . implode(', ', array_keys($delete_rows)) . ')';
AND " . $db->sql_in_set('msg_id', array_keys($delete_rows));
$db->sql_query($sql);
$num_deleted = $db->sql_affectedrows();
}
@ -949,7 +969,7 @@ function delete_pm($user_id, $msg_ids, $folder_id)
// Now we have to check which messages we can delete completely
$sql = 'SELECT msg_id
FROM ' . PRIVMSGS_TO_TABLE . '
WHERE msg_id IN (' . implode(', ', array_keys($delete_rows)) . ')';
WHERE ' . $db->sql_in_set('msg_id', array_keys($delete_rows));
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -958,12 +978,12 @@ function delete_pm($user_id, $msg_ids, $folder_id)
}
$db->sql_freeresult($result);
$delete_ids = implode(', ', array_keys($delete_rows));
$delete_ids = array_keys($delete_rows);
if ($delete_ids)
if (sizeof($delete_ids))
{
$sql = 'DELETE FROM ' . PRIVMSGS_TABLE . '
WHERE msg_id IN (' . $delete_ids . ')';
WHERE ' . $db->sql_in_set('msg_id', $delete_ids);
$db->sql_query($sql);
}
@ -1039,7 +1059,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false)
{
$sql = 'SELECT user_id, username, user_colour
FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', $u) . ')
WHERE ' . $db->sql_in_set('user_id', $u) . '
AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')';
$result = $db->sql_query($sql);
@ -1066,7 +1086,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false)
{
$sql = 'SELECT group_name, group_type
FROM ' . GROUPS_TABLE . '
WHERE group_id IN (' . implode(', ', $g) . ')';
WHERE ' . $db->sql_in_set('group_id', $g);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -1082,7 +1102,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false)
{
$sql = 'SELECT g.group_id, g.group_name, g.group_colour, g.group_type, ug.user_id
FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug
WHERE g.group_id IN (' . implode(', ', $g) . ')
WHERE ' . $db->sql_in_set('g.group_id', $g) . '
AND g.group_id = ug.group_id
AND ug.user_pending = 0';
$result = $db->sql_query($sql);
@ -1222,7 +1242,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
{
$sql = 'SELECT group_id, user_id
FROM ' . USER_GROUP_TABLE . '
WHERE group_id IN (' . implode(', ', array_keys($data['address_list']['g'])) . ')
WHERE ' . $db->sql_in_set('group_id', array_keys($data['address_list']['g'])) . '
AND user_pending = 0';
$result = $db->sql_query($sql);
@ -1250,7 +1270,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
// Set message_replied switch for this user
$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
SET replied = 1
SET pm_replied = 1
WHERE user_id = ' . $data['from_user_id'] . '
AND msg_id = ' . $data['reply_from_msg_id'];
@ -1300,6 +1320,8 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
if (sizeof($sql_data))
{
$query = '';
if ($mode == 'post' || $mode == 'reply' || $mode == 'quote' || $mode == 'quotepost' || $mode == 'forward')
{
$db->sql_query('INSERT INTO ' . PRIVMSGS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_data));
@ -1328,13 +1350,13 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
foreach ($recipients as $user_id => $type)
{
$sql_ary[] = array(
'msg_id' => (int) $data['msg_id'],
'user_id' => (int) $user_id,
'author_id' => (int) $data['from_user_id'],
'folder_id' => PRIVMSGS_NO_BOX,
'new' => 1,
'unread' => 1,
'forwarded' => ($mode == 'forward') ? 1 : 0
'msg_id' => (int) $data['msg_id'],
'user_id' => (int) $user_id,
'author_id' => (int) $data['from_user_id'],
'folder_id' => PRIVMSGS_NO_BOX,
'pm_new' => 1,
'pm_unread' => 1,
'pm_forwarded' => ($mode == 'forward') ? 1 : 0
);
}
@ -1359,20 +1381,20 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_new_privmsg = user_new_privmsg + 1, user_unread_privmsg = user_unread_privmsg + 1, user_last_privmsg = ' . time() . '
WHERE user_id IN (' . implode(', ', array_keys($recipients)) . ')';
WHERE ' . $db->sql_in_set('user_id', array_keys($recipients));
$db->sql_query($sql);
// Put PM into outbox
if ($put_in_outbox)
{
$db->sql_query('INSERT INTO ' . PRIVMSGS_TO_TABLE . ' ' . $db->sql_build_array('INSERT', array(
'msg_id' => (int) $data['msg_id'],
'user_id' => (int) $data['from_user_id'],
'author_id' => (int) $data['from_user_id'],
'folder_id' => PRIVMSGS_OUTBOX,
'new' => 0,
'unread' => 0,
'forwarded' => ($mode == 'forward') ? 1 : 0))
'msg_id' => (int) $data['msg_id'],
'user_id' => (int) $data['from_user_id'],
'author_id' => (int) $data['from_user_id'],
'folder_id' => PRIVMSGS_OUTBOX,
'pm_new' => 0,
'pm_unread' => 0,
'pm_forwarded' => ($mode == 'forward') ? 1 : 0))
);
}
@ -1401,7 +1423,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
{
// update entry in db if attachment already stored in db and filespace
$sql = 'UPDATE ' . ATTACHMENTS_TABLE . "
SET comment = '" . $db->sql_escape($attach_row['comment']) . "'
SET attach_comment = '" . $db->sql_escape($attach_row['attach_comment']) . "'
WHERE attach_id = " . (int) $attach_row['attach_id'];
$db->sql_query($sql);
}
@ -1415,7 +1437,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
'poster_id' => $data['from_user_id'],
'physical_filename' => basename($attach_row['physical_filename']),
'real_filename' => basename($attach_row['real_filename']),
'comment' => $attach_row['comment'],
'attach_comment' => $attach_row['attach_comment'],
'extension' => $attach_row['extension'],
'mimetype' => $attach_row['mimetype'],
'filesize' => $attach_row['filesize'],
@ -1477,19 +1499,23 @@ function pm_notification($mode, $author, $recipients, $subject, $message)
$subject = censor_text($subject);
unset($recipients[ANONYMOUS], $recipients[$user->data['user_id']]);
if (!sizeof($recipients))
{
return;
}
// Get banned User ID's
$sql = 'SELECT ban_userid
FROM ' . BANLIST_TABLE;
FROM ' . BANLIST_TABLE . '
WHERE ' . $db->sql_in_set('ban_userid', array_map('intval', array_keys($recipients))) . '
AND ban_exclude = 0';
$result = $db->sql_query($sql);
unset($recipients[ANONYMOUS], $recipients[$user->data['user_id']]);
while ($row = $db->sql_fetchrow($result))
{
if (isset($row['ban_userid']))
{
unset($recipients[$row['ban_userid']]);
}
unset($recipients[$row['ban_userid']]);
}
$db->sql_freeresult($result);
@ -1498,11 +1524,9 @@ function pm_notification($mode, $author, $recipients, $subject, $message)
return;
}
$recipient_list = implode(', ', array_keys($recipients));
$sql = 'SELECT user_id, username, user_email, user_lang, user_notify_pm, user_notify_type, user_jabber
FROM ' . USERS_TABLE . "
WHERE user_id IN ($recipient_list)";
FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set('user_id', array_map('intval', array_keys($recipients)));
$result = $db->sql_query($sql);
$msg_list_ary = array();


@ -230,7 +230,7 @@ class custom_profile
}
else
{
$sql = 'SELECT option_id, value
$sql = 'SELECT option_id, lang_value
FROM ' . PROFILE_FIELDS_LANG_TABLE . "
WHERE field_id = $field_id
AND lang_id = $lang_id
@ -240,7 +240,7 @@ class custom_profile
while ($row = $db->sql_fetchrow($result))
{
$this->options_lang[$field_id][$lang_id][($row['option_id'] + 1)] = $row['value'];
$this->options_lang[$field_id][$lang_id][($row['option_id'] + 1)] = $row['lang_value'];
}
$db->sql_freeresult($result);
}
@ -286,8 +286,8 @@ class custom_profile
while ($row = $db->sql_fetchrow($result))
{
$cp_data[$row['field_ident']] = $this->get_profile_field($row);
$check_value = $cp_data[$row['field_ident']];
$cp_data['_' . $row['field_ident']] = $this->get_profile_field($row);
$check_value = $cp_data['_' . $row['field_ident']];
if (($cp_result = $this->validate_profile_field($row['field_type'], $check_value, $row)) !== false)
{
@ -358,14 +358,14 @@ class custom_profile
$this->build_cache();
}
if (!implode(', ', $user_id))
if (!sizeof($user_id))
{
return array();
}
$sql = 'SELECT *
FROM ' . PROFILE_FIELDS_DATA_TABLE . '
WHERE user_id IN (' . implode(', ', array_map('intval', $user_id)) . ')';
WHERE ' . $db->sql_in_set('user_id', array_map('intval', $user_id));
$result = $db->sql_query($sql);
$field_data = array();
@ -382,7 +382,7 @@ class custom_profile
{
foreach ($field_data as $user_id => $row)
{
$user_fields[$user_id][$used_ident]['value'] = $row[$used_ident];
$user_fields[$user_id][$used_ident]['value'] = $row['_' . $used_ident];
$user_fields[$user_id][$used_ident]['data'] = $this->profile_cache[$used_ident];
}
}
@ -494,7 +494,15 @@ class custom_profile
return NULL;
}
return $this->options_lang[$field_id][$lang_id][(int) $value];
$value = (int) $value;
// User not having a value assigned
if (!isset($this->options_lang[$field_id][$lang_id][$value]))
{
return NULL;
}
return $this->options_lang[$field_id][$lang_id][$value];
break;
case 'bool':
@ -534,7 +542,7 @@ class custom_profile
global $user;
$profile_row['field_ident'] = (isset($profile_row['var_name'])) ? $profile_row['var_name'] : 'pf_' . $profile_row['field_ident'];
$user_ident = str_replace('pf_', '', $profile_row['field_ident']);
$user_ident = '_' . str_replace('pf_', '', $profile_row['field_ident']);
// checkbox - only testing for isset
if ($profile_row['field_type'] == FIELD_BOOL && $profile_row['field_length'] == 2)
@ -601,7 +609,7 @@ class custom_profile
global $user, $template;
$profile_row['field_ident'] = (isset($profile_row['var_name'])) ? $profile_row['var_name'] : 'pf_' . $profile_row['field_ident'];
$user_ident = str_replace('pf_', '', $profile_row['field_ident']);
$user_ident = '_' . str_replace('pf_', '', $profile_row['field_ident']);
$now = getdate();
@ -779,13 +787,13 @@ class custom_profile
$sql_not_in = array();
foreach ($cp_data as $key => $null)
{
$sql_not_in[] = "'" . $db->sql_escape($key) . "'";
$sql_not_in[] = (strncmp($key, '_', 1) === 0) ? substr($key, 1) : $key;
}
$sql = 'SELECT f.field_type, f.field_ident, f.field_default_value, l.lang_default_value
FROM ' . PROFILE_LANG_TABLE . ' l, ' . PROFILE_FIELDS_TABLE . ' f
WHERE l.lang_id = ' . $user->get_iso_lang_id() . '
' . ((sizeof($sql_not_in)) ? ' AND f.field_ident NOT IN (' . implode(', ', $sql_not_in) . ')' : '') . '
' . ((sizeof($sql_not_in)) ? ' AND ' . $db->sql_in_set('f.field_ident', $sql_not_in, true) : '') . '
AND l.field_id = f.field_id';
$result = $db->sql_query($sql);
@ -796,7 +804,8 @@ class custom_profile
$now = getdate();
$row['field_default_value'] = sprintf('%2d-%2d-%4d', $now['mday'], $now['mon'], $now['year']);
}
$cp_data[$row['field_ident']] = (in_array($row['field_type'], array(FIELD_TEXT, FIELD_STRING))) ? $row['lang_default_value'] : $row['field_default_value'];
$cp_data['_' . $row['field_ident']] = (in_array($row['field_type'], array(FIELD_TEXT, FIELD_STRING))) ? $row['lang_default_value'] : $row['field_default_value'];
}
$db->sql_freeresult($result);
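Review bot: Escaping of the `f.field_ident` values in the hunk at `@ -779,13 +787,13` now rests entirely on `$db->sql_in_set()`, because the `$sql_not_in` loop no longer calls `$db->sql_escape()` on each key and that helper's body is not part of this section. If the helper quotes and escapes string members, which appears to be the premise of the whole commit, the change is sound. Nothing at the call site records that contract, though, so a later edit could hand it pre-escaped values (double escaping) or go back to a hand-built `IN (...)` list with raw ones. I would add a comment above the loop such as `// raw idents only: sql_in_set() does the quoting/escaping, never pre-escape here`. The enclosing method starts and ends outside the hunk.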

View file

@ -68,6 +68,89 @@ class template_compile
$this->compile_write($handle, $this->template->compiled_code[$handle]);
}
/**
* Straight-forward strategy: use PHP's tokenizer to escape everything that
* looks like a PHP tag.
*
* We open/close PHP tags at the beginning of the template to clearly indicate
* that we are in HTML mode. If we find a PHP tag, we escape it then we reiterate
* over the whole file. That can become quite slow if the file is stuffed with
* <?php tags, but there's only so much we can do.
*
* Known issue: templates need to be rechecked everytime the value of the php.ini
* settings asp_tags or short_tags are changed
*/
function remove_php_tags(&$code)
{
if (!function_exists('token_get_all'))
{
/**
* If the tokenizer extension is not available, try to load it and if
* it's still not available we fall back to some pattern replacement.
*
* Note that the pattern replacement may affect the well-formedness
* of the HTML if a PHP tag is found because even if we escape PHP
* opening tags we do NOT escape PHP closing tags and cannot do so
* reliably without the use of a full-blown tokenizer.
*
* The bottom line is, a template should NEVER contain PHP because it
* would comprise the security of the installation, that's why we
* prevent it from being executed. Our job is to secure the installation,
* not fix unsecure templates. if a template contains some PHP then it
* should not be used at all.
*/
@dl('tokenizer');
if (!function_exists('token_get_all'))
{
$match = array(
'\\?php[\n\r\s\t]+',
'[\\?%]=',
'[\\?%][^\w]',
'script[\n\r\s\t]+language[\n\r\s\t]*=[\n\r\s\t]*[\'"]php[\'"]'
);
$code = preg_replace('#<(' . implode('|', $match) . ')#is', '&lt;$1', $code);
return;
}
}
do
{
$tokens = token_get_all('<?php ?>' . $code);
$code = '';
$php_found = false;
foreach ($tokens as $i => $token)
{
if (!is_array($token))
{
$code .= $token;
}
else if ($token[0] == T_OPEN_TAG || $token[0] == T_OPEN_TAG_WITH_ECHO || $token[0] == T_CLOSE_TAG)
{
if ($i > 1)
{
$code .= htmlspecialchars($token[1]);
$php_found = true;
}
}
else
{
$code .= $token[1];
}
}
unset($tokens);
// Fix for a tokenizer oddity
if (!strncmp($code, '<?php ?&gt;', 11))
{
$code = substr($code, 11);
}
}
while ($php_found);
}
/**
* The all seeing all doing compile method. Parts are inspired by or directly from Smarty
* @access: private
@ -86,8 +169,13 @@ class template_compile
// php is a no-no. There is a potential issue here in that non-php
// content may be removed ... however designers should use entities
// if they wish to display < and >
$match_php_tags = array('#\<\?php .*?\?\>#is', '#\<\script language="php"\>.*?\<\/script\>#is', '#\<\?.*?\?\>#s', '#\<%.*?%\>#s');
/*
$match_php_tags = array('#\<\?php.*?\?\>#is', '#<[^\w<]*(script)(((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?(language[^<>\'"]+("[^"]*php[^"]*"|\'[^\']*php[^\']*\'))((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?)?>.*?</script>#is', '#\<\?.*?\?\>#s', '#\<%.*?%\>#s');
$code = preg_replace($match_php_tags, '', $code);
*/
// An alternative to the above would be calling this function which would be the ultimate solution but also has its drawbacks.
$this->remove_php_tags($code);
// Pull out all block/statement level elements and seperate plain text
preg_match_all('#<!-- PHP -->(.*?)<!-- ENDPHP -->#s', $code, $matches);
@ -464,7 +552,7 @@ class template_compile
{
preg_match('#^((?:[a-z0-9\-_]+\.)+)?\$(?=[A-Z])([A-Z0-9_\-]*)(?: = (\'?)([^\']*)(\'?))?$#', $tag_args, $match);
if (empty($match[2]) || (empty($match[4]) && $op))
if (empty($match[2]) || (!isset($match[4]) && $op))
{
return;
}
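Review bot: The regex fallback in `remove_php_tags()`, taken when `token_get_all` is unavailable, escapes `<?` and `<%` only when the next character is `=` or a non-word character, so an open tag followed directly by a word character passes through unescaped. With short or ASP-style tags enabled in php.ini that sequence is still treated as an open tag, so the fallback is weaker than the tokenizer path it replaces. Because the docblock says template PHP must never be executed, the fallback should escape every `<?` and `<%`: replace the two entries `'[\\?%]='` and `'[\\?%][^\w]'` with a single `'[\\?%]'`, which also makes the `\\?php` entry redundant. It would also help to log when the fallback is used, since `@dl('tokenizer')` hides the reason the extension could not be loaded.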


@ -245,7 +245,7 @@ class ftp extends transfer
// Make sure $this->root_path is layed out the same way as the $user->page['root_script_path'] value (/ at the end)
$this->root_path = str_replace('\\', '/', $this->root_path);
$this->root_path = (($root_path{0} != '/' ) ? '/' : '') . ((substr($root_path, -1, 1) == '/') ? '' : '/') . $root_path;
$this->root_path = (($root_path{0} != '/' ) ? '/' : '') . $root_path . ((substr($root_path, -1, 1) == '/') ? '' : '/');
// Init some needed values
transfer::transfer();
@ -321,7 +321,7 @@ class ftp extends transfer
}
/**
* Remove directory (RMDIR)
* Rename file
* @access: private
*/
function _rename($old_handle, $new_handle)
@ -460,7 +460,7 @@ class ftp_fsock extends transfer
// Make sure $this->root_path is layed out the same way as the $user->page['root_script_path'] value (prefixed with / and no / at the end)
$this->root_path = str_replace('\\', '/', $this->root_path);
$this->root_path = (($root_path{0} != '/' ) ? '/' : '') . ((substr($root_path, -1, 1) == '/') ? '' : '/') . $root_path;
$this->root_path = (($root_path{0} != '/' ) ? '/' : '') . $root_path . ((substr($root_path, -1, 1) == '/') ? '' : '/');
// Init some needed values
transfer::transfer();
@ -542,6 +542,16 @@ class ftp_fsock extends transfer
return $this->_send_command('RMD', $dir);
}
/**
* Rename File
* @access: private
*/
function _rename($old_handle, $new_handle)
{
$this->_send_command('RNFR', $old_handle);
return $this->_send_command('RNTO', $new_handle);
}
/**
* Change current working directory (CHDIR)
* @access: private
@ -562,7 +572,7 @@ class ftp_fsock extends transfer
*/
function _chmod($file, $perms)
{
return $this->_send_command('SITE CHMOD', $perms . ' ' . $file);;
return $this->_send_command('SITE CHMOD', $perms . ' ' . $file);
}
/**
@ -579,19 +589,19 @@ class ftp_fsock extends transfer
return false;
}
$this->_putcmd('STOR', $to_file, false);
// open the connection to send file over
if (!$this->_open_data_connection())
{
return false;
}
$this->_send_command('STOR', $to_file, false);
// send the file
$fp = @fopen($from_file, 'rb');
while (!@feof($fp))
{
@fwrite($$this->data_connection, @fread($fp, 4096));
@fwrite($this->data_connection, @fread($fp, 4096));
}
@fclose($fp);
@ -710,7 +720,7 @@ class ftp_fsock extends transfer
{
return false;
}
@stream_set_timeout($$this->data_connection, $this->timeout);
@stream_set_timeout($this->data_connection, $this->timeout);
return true;
}
@ -721,7 +731,7 @@ class ftp_fsock extends transfer
*/
function _close_data_connection()
{
return @fclose($this->data_connecton);
return @fclose($this->data_connection);
}
/**
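Review bot: In the `ftp_fsock` upload hunk (`@ -579,19 +589,19`) the result of `@fopen($from_file, 'rb')` is never checked before the `while (!@feof($fp))` loop. If the open fails, `feof()` on a non-resource does not report end-of-file on the PHP versions this code targets, and with the warnings suppressed by `@` the loop may never terminate. Add a guard directly after the open: `if ($fp === false) { $this->_close_data_connection(); return false; }`. The `@fwrite` result in the same loop is also ignored, so a dropped data connection goes unnoticed until the final status check, if there is one. The method's start and end are outside the hunk.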


@ -34,14 +34,16 @@ function user_get_id_name(&$user_id_ary, &$username_ary)
$$which_ary = array($$which_ary);
}
$sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : preg_replace('#^\s*(.*)\s*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $$which_ary);
$sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : $$which_ary;
unset($$which_ary);
$user_id_ary = $username_ary = array();
// Grab the user id/username records
$sql_where = ($which_ary == 'user_id_ary') ? 'user_id' : 'username';
$sql = 'SELECT user_id, username
FROM ' . USERS_TABLE . "
WHERE $sql_where IN (" . implode(', ', $sql_in) . ')';
FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set($sql_where, $sql_in);
$result = $db->sql_query($sql);
if (!($row = $db->sql_fetchrow($result)))
@ -50,7 +52,6 @@ function user_get_id_name(&$user_id_ary, &$username_ary)
return 'NO_USERS';
}
$user_id_ary = $username_ary = array();
do
{
$username_ary[$row['user_id']] = $row['username'];
@ -115,7 +116,7 @@ function user_update_name($old_name, $new_name)
if ($config['newest_username'] == $old_name)
{
set_config('newest_username', $new_name);
set_config('newest_username', $new_name, true);
}
}
@ -140,10 +141,14 @@ function user_add($user_row, $cp_data = false)
'user_type' => $user_row['user_type'],
);
/**
* @todo user_allow_email is not used anywhere. Think about removing it.
*/
// These are the additional vars able to be specified
$additional_vars = array(
'user_permissions' => '',
'user_timezone' => 0,
'user_timezone' => $config['board_timezone'],
'user_dateformat' => $config['default_dateformat'],
'user_lang' => $config['default_lang'],
'user_style' => $config['default_style'],
@ -181,7 +186,7 @@ function user_add($user_row, $cp_data = false)
'user_sig' => '',
'user_sig_bbcode_uid' => '',
'user_sig_bbcode_bitfield' => 0,
'user_sig_bbcode_bitfield' => '',
);
// Now fill the sql array with not required variables
@ -202,8 +207,6 @@ function user_add($user_row, $cp_data = false)
}
}
$db->sql_transaction('begin');
$sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
$db->sql_query($sql);
@ -232,7 +235,16 @@ function user_add($user_row, $cp_data = false)
);
$db->sql_query($sql);
$db->sql_transaction('commit');
// Now make it the users default group...
group_set_user_default($user_row['group_id'], array($user_id));
// set the newest user and adjust the user count if the user is a normal user and no activation mail is sent
if ($user_row['user_type'] == USER_NORMAL)
{
set_config('newest_user_id', $user_id, true);
set_config('newest_username', $user_row['username'], true);
set_config('num_users', $config['num_users'] + 1, true);
}
return $user_id;
}
@ -295,7 +307,7 @@ function user_delete($mode, $user_id, $post_username = false)
{
$sql = 'SELECT topic_id, topic_replies, topic_replies_real
FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', array_keys($topic_id_ary)) . ')';
WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
$result = $db->sql_query($sql);
$del_topic_ary = array();
@ -311,7 +323,7 @@ function user_delete($mode, $user_id, $post_username = false)
if (sizeof($del_topic_ary))
{
$sql = 'DELETE FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', $del_topic_ary) . ')';
WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary);
$db->sql_query($sql);
}
}
@ -322,7 +334,7 @@ function user_delete($mode, $user_id, $post_username = false)
break;
}
$table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE);
$table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE);
foreach ($table_ary as $table)
{
@ -339,6 +351,9 @@ function user_delete($mode, $user_id, $post_username = false)
set_config('num_users', $config['num_users'] - 1, true);
// Adjust last post info...
$db->sql_transaction('commit');
return false;
@ -369,10 +384,12 @@ function user_active_flip($user_id, $user_type, $user_actkey = false, $username
WHERE user_id = $user_id";
$result = $db->sql_query($sql);
$group_name = ($user_type == USER_NORMAL) ? 'REGISTERED' : 'INACTIVE';
while ($row = $db->sql_fetchrow($result))
{
if ($group_name = array_search($row['group_id'], $group_id_ary))
if ($name = array_search($row['group_id'], $group_id_ary))
{
$group_name = $name;
break;
}
}
@ -472,6 +489,23 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
$ban_end = 0;
}
$founder = array();
if (!$ban_exclude)
{
// Create a list of founder...
$sql = 'SELECT user_id, user_email
FROM ' . USERS_TABLE . '
WHERE user_type = ' . USER_FOUNDER;
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$founder[$row['user_id']] = $row['user_email'];
}
$db->sql_freeresult($result);
}
$banlist_ary = array();
switch ($mode)
@ -494,14 +528,25 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
$username = trim($username);
if ($username != '')
{
$sql_usernames[] = "'" . $db->sql_escape($username) . "'";
$sql_usernames[] = strtolower($username);
}
}
$sql_usernames = implode(', ', $sql_usernames);
// Make sure we have been given someone to ban
if (!sizeof($sql_usernames))
{
trigger_error($user->lang['NO_USER_SPECIFIED']);
}
$sql = 'SELECT user_id
FROM ' . USERS_TABLE . '
WHERE username IN (' . $sql_usernames . ')';
WHERE ' . $db->sql_in_set('LOWER(username)', $sql_usernames);
if (sizeof($founder))
{
$sql .= ' AND ' . $db->sql_in_set('user_id', array_keys($founder), true);
}
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result))
@ -618,9 +663,14 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
foreach ($ban_list as $ban_item)
{
if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', trim($ban_item)))
$ban_item = trim($ban_item);
if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', $ban_item))
{
$banlist_ary[] = trim($ban_item);
if (!sizeof($founder) || !in_array($ban_item, $founder))
{
$banlist_ary[] = $ban_item;
}
}
}
@ -711,17 +761,11 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
switch ($mode)
{
case 'user':
$sql_where = (in_array('*', $banlist_ary)) ? '' : 'WHERE session_user_id IN (' . implode(', ', $banlist_ary) . ')';
$sql_where = (in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('session_user_id', $banlist_ary);
break;
case 'ip':
$banlist_ary_sql = array();
foreach ($banlist_ary as $ban_entry)
{
$banlist_ary_sql[] = "'" . $db->sql_escape($ban_entry) . "'";
}
$sql_where = 'WHERE session_ip IN (' . implode(', ', $banlist_ary_sql) . ')';
$sql_where = 'WHERE ' . $db->sql_in_set('session_ip', $banlist_ary);
break;
case 'email':
@ -729,12 +773,12 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
foreach ($banlist_ary as $ban_entry)
{
$banlist_ary_sql[] = "'" . $db->sql_escape(str_replace('*', '%', $ban_entry)) . "'";
$banlist_ary_sql[] = (string) str_replace('*', '%', $ban_entry);
}
$sql = 'SELECT user_id
FROM ' . USERS_TABLE . '
WHERE user_email IN (' . implode(', ', $banlist_ary_sql) . ')';
WHERE ' . $db->sql_in_set('user_email', $banlist_ary_sql);
$result = $db->sql_query($sql);
$sql_in = array();
@ -747,7 +791,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
}
while ($row = $db->sql_fetchrow($result));
$sql_where = 'WHERE session_user_id IN (' . implode(', ', $sql_in) . ")";
$sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $sql_in);
}
$db->sql_freeresult($result);
break;
@ -758,12 +802,19 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
$sql_where";
$db->sql_query($sql);
if ($mode == 'user')
{
$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' ' . ((in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('user_id', $banlist_ary));
$db->sql_query($sql);
}
}
}
// Update log
$log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_';
add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
return true;
}
@ -789,30 +840,30 @@ function user_unban($mode, $ban)
$ban = array($ban);
}
$unban_sql = implode(', ', array_map('intval', $ban));
$unban_sql = array_map('intval', $ban);
if ($unban_sql)
if (sizeof($unban_sql))
{
// Grab details of bans for logging information later
switch ($mode)
{
case 'user':
$sql = 'SELECT u.username AS unban_info
FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . " b
WHERE b.ban_id IN ($unban_sql)
AND u.user_id = b.ban_userid";
FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . ' b
WHERE ' . $db->sql_in_set('b.ban_id', $unban_sql) . '
AND u.user_id = b.ban_userid';
break;
case 'email':
$sql = 'SELECT ban_email AS unban_info
FROM ' . BANLIST_TABLE . "
WHERE ban_id IN ($unban_sql)";
FROM ' . BANLIST_TABLE . '
WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
break;
case 'ip':
$sql = 'SELECT ban_ip AS unban_info
FROM ' . BANLIST_TABLE . "
WHERE ban_id IN ($unban_sql)";
FROM ' . BANLIST_TABLE . '
WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
break;
}
$result = $db->sql_query($sql);
@ -824,8 +875,8 @@ function user_unban($mode, $ban)
}
$db->sql_freeresult($result);
$sql = 'DELETE FROM ' . BANLIST_TABLE . "
WHERE ban_id IN ($unban_sql)";
$sql = 'DELETE FROM ' . BANLIST_TABLE . '
WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
$db->sql_query($sql);
add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
@ -912,6 +963,8 @@ function validate_data($data, $val_ary)
/**
* Validate String
*
* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
*/
function validate_string($string, $optional = false, $min = 0, $max = 0)
{
@ -934,6 +987,8 @@ function validate_string($string, $optional = false, $min = 0, $max = 0)
/**
* Validate Number
*
* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
*/
function validate_num($num, $optional = false, $min = 0, $max = 1E99)
{
@ -956,6 +1011,8 @@ function validate_num($num, $optional = false, $min = 0, $max = 1E99)
/**
* Validate Match
*
* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
*/
function validate_match($string, $optional = false, $match)
{
@ -976,6 +1033,8 @@ function validate_match($string, $optional = false, $match)
* Check to see if the username has been taken, or if it is disallowed.
* Also checks if it includes the " character, which we don't allow in usernames.
* Used for registering, changing names, and posting anonymously with a username
*
* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
*/
function validate_username($username)
{
@ -1048,6 +1107,8 @@ function validate_username($username)
/**
* Check to see if email address is banned or already present in the DB
*
* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
*/
function validate_email($email)
{
@ -1058,12 +1119,12 @@ function validate_email($email)
return false;
}
if (!preg_match('#^[a-z0-9\.\-_\+]+?@(.*?\.)*?[a-z0-9\-_]+?\.[a-z]{2,4}$#i', $email))
if (!preg_match('/^' . get_preg_expression('email') . '$/i', $email))
{
return 'EMAIL_INVALID';
}
if ($user->check_ban('', '', $email, true) == true)
if ($user->check_ban(false, false, $email, true) == true)
{
return 'EMAIL_BANNED';
}
@ -1122,7 +1183,7 @@ function avatar_remote($data, &$error)
// Make sure getimagesize works...
if (($image_data = @getimagesize($data['remotelink'])) === false)
{
$error[] = $user->lang['AVATAR_URL_INVALID'];
$error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
return false;
}
@ -1202,7 +1263,7 @@ function avatar_gallery($category, $avatar_select, $items_per_column, $block_var
if (!file_exists($path) || !is_dir($path))
{
$avatar_list = array($user->lang['NONE'] => array());
$avatar_list = array($user->lang['NO_AVATAR_CATEGORY'] => array());
}
else
{
@ -1242,7 +1303,7 @@ function avatar_gallery($category, $avatar_select, $items_per_column, $block_var
if (!sizeof($avatar_list))
{
$avatar_list = array($user->lang['NONE'] => array());
$avatar_list = array($user->lang['NO_AVATAR_CATEGORY'] => array());
}
@ksort($avatar_list);
@ -1336,14 +1397,14 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
'group_name' => (string) $name,
'group_desc' => (string) $desc,
'group_desc_uid' => '',
'group_desc_bitfield' => 0,
'group_desc_bitfield' => '',
'group_type' => (int) $type,
);
// Parse description
if ($desc)
{
generate_text_for_storage($sql_ary['group_desc'], $sql_ary['group_desc_uid'], $sql_ary['group_desc_bitfield'], $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies);
generate_text_for_storage($sql_ary['group_desc'], $sql_ary['group_desc_uid'], $sql_ary['group_desc_bitfield'], $sql_ary['group_desc_options'], $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies);
}
if (sizeof($group_attributes))
@ -1361,6 +1422,8 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
// Setting the log message before we set the group id (if group gets added)
$log = ($group_id) ? 'LOG_GROUP_UPDATED' : 'LOG_GROUP_CREATED';
$query = '';
if ($group_id)
{
$sql = 'UPDATE ' . GROUPS_TABLE . '
@ -1484,6 +1547,9 @@ function group_delete($group_id, $group_name = false)
WHERE group_id = $group_id";
$db->sql_query($sql);
// Re-cache moderators
cache_moderators();
add_log('admin', 'LOG_GROUP_DELETE', $group_name);
return 'GROUP_DELETED';
@ -1497,9 +1563,9 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
global $db, $auth;
// We need both username and user_id info
user_get_id_name($user_id_ary, $username_ary);
$result = user_get_id_name($user_id_ary, $username_ary);
if (!sizeof($user_id_ary))
if (!sizeof($user_id_ary) || $result !== false)
{
return 'NO_USER';
}
@ -1507,7 +1573,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
// Remove users who are already members of this group
$sql = 'SELECT user_id, group_leader
FROM ' . USER_GROUP_TABLE . '
WHERE user_id IN (' . implode(', ', $user_id_ary) . ")
WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . "
AND group_id = $group_id";
$result = $db->sql_query($sql);
@ -1563,7 +1629,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
{
$sql = 'UPDATE ' . USER_GROUP_TABLE . '
SET group_leader = 1
WHERE user_id IN (' . implode(', ', $update_id_ary) . ")
WHERE ' . $db->sql_in_set('user_id', $update_id_ary) . "
AND group_id = $group_id";
$db->sql_query($sql);
}
@ -1600,16 +1666,16 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
$group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'REGISTERED_COPPA', 'REGISTERED', 'BOTS', 'GUESTS');
// We need both username and user_id info
user_get_id_name($user_id_ary, $username_ary);
$result = user_get_id_name($user_id_ary, $username_ary);
if (!sizeof($user_id_ary))
if (!sizeof($user_id_ary) || $result !== false)
{
return 'NO_USER';
}
$sql = 'SELECT *
FROM ' . GROUPS_TABLE . '
WHERE group_name IN (' . implode(', ', preg_replace('#^(.*)$#', "'\\1'", $group_order)) . ')';
WHERE ' . $db->sql_in_set('group_name', $group_order);
$result = $db->sql_query($sql);
$group_order_id = $special_group_data = array();
@ -1638,7 +1704,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
// Get users default groups - we only need to reset default group membership if the group from which the user gets removed is set as default
$sql = 'SELECT user_id, group_id
FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', $user_id_ary) . ")";
WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
$result = $db->sql_query($sql);
$default_groups = array();
@ -1651,7 +1717,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
// What special group memberships exist for these users?
$sql = 'SELECT g.group_id, g.group_name, ug.user_id
FROM ' . USER_GROUP_TABLE . ' ug, ' . GROUPS_TABLE . ' g
WHERE ug.user_id IN (' . implode(', ', $user_id_ary) . ")
WHERE ' . $db->sql_in_set('ug.user_id', $user_id_ary) . "
AND g.group_id = ug.group_id
AND g.group_id <> $group_id
AND g.group_type = " . GROUP_SPECIAL . '
@ -1687,7 +1753,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
// Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem)
$sql = 'SELECT user_id, user_avatar
FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', $sql_where_ary[$gid]) . ')
WHERE ' . $db->sql_in_set('user_id', $sql_where_ary[$gid]) . '
AND user_avatar_type = ' . AVATAR_UPLOAD;
$result = $db->sql_query($sql);
@ -1699,7 +1765,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
}
$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $special_group_data[$gid]) . '
WHERE user_id IN (' . implode(', ', $sql_where_ary[$gid]) . ')';
WHERE ' . $db->sql_in_set('user_id', $sql_where_ary[$gid]);
$db->sql_query($sql);
}
}
@ -1707,7 +1773,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
$sql = 'DELETE FROM ' . USER_GROUP_TABLE . "
WHERE group_id = $group_id
AND user_id IN (" . implode(', ', $user_id_ary) . ')';
AND " . $db->sql_in_set('user_id', $user_id_ary);
$db->sql_query($sql);
// Clear permissions cache of relevant users
@ -1733,9 +1799,9 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
global $db, $auth, $phpbb_root_path, $phpEx, $config;
// We need both username and user_id info
user_get_id_name($user_id_ary, $username_ary);
$result = user_get_id_name($user_id_ary, $username_ary);
if (!sizeof($user_id_ary))
if (!sizeof($user_id_ary) || $result !== false)
{
return false;
}
@ -1752,7 +1818,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
$sql = 'UPDATE ' . USER_GROUP_TABLE . '
SET group_leader = ' . (($action == 'promote') ? 1 : 0) . "
WHERE group_id = $group_id
AND user_id IN (" . implode(', ', $user_id_ary) . ')';
AND " . $db->sql_in_set('user_id', $user_id_ary);
$db->sql_query($sql);
$log = ($action == 'promote') ? 'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED';
@ -1765,7 +1831,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
WHERE ug.group_id = ' . $group_id . '
AND ug.user_pending = 1
AND ug.user_id = u.user_id
AND ug.user_id IN (' . implode(', ', $user_id_ary) . ')';
AND ' . $db->sql_in_set('ug.user_id', $user_id_ary);
$result = $db->sql_query($sql);
$user_id_ary = $email_users = array();
@ -1784,7 +1850,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
$sql = 'UPDATE ' . USER_GROUP_TABLE . "
SET user_pending = 0
WHERE group_id = $group_id
AND user_id IN (" . implode(', ', $user_id_ary) . ')';
AND " . $db->sql_in_set('user_id', $user_id_ary);
$db->sql_query($sql);
// Send approved email to users...
@ -1840,7 +1906,7 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal
{
global $db;
if (!$user_id_ary)
if (empty($user_id_ary))
{
return;
}
@ -1890,7 +1956,7 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal
// Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem)
$sql = 'SELECT user_id, user_avatar
FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', $user_id_ary) . ')
WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . '
AND user_avatar_type = ' . AVATAR_UPLOAD;
$result = $db->sql_query($sql);
@ -1902,7 +1968,7 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal
}
$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
WHERE user_id IN (' . implode(', ', $user_id_ary) . ')';
WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
$db->sql_query($sql);
}
@ -1943,22 +2009,29 @@ function group_memberships($group_id_ary = false, $user_id_ary = false, $return_
return true;
}
if ($user_id_ary)
{
$user_id_ary = (!is_array($user_id_ary)) ? array($user_id_ary) : $user_id_ary;
}
if ($group_id_ary)
{
$group_id_ary = (!is_array($group_id_ary)) ? array($group_id_ary) : $group_id_ary;
}
$sql = 'SELECT ug.*, u.username, u.user_email
FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . ' u
WHERE ug.user_id = u.user_id AND ';
if ($group_id_ary && $user_id_ary)
if ($group_id_ary)
{
$sql .= " ug.group_id " . ((is_array($group_id_ary)) ? ' IN (' . implode(', ', $group_id_ary) . ')' : " = $group_id_ary") . "
AND ug.user_id " . ((is_array($user_id_ary)) ? ' IN (' . implode(', ', $user_id_ary) . ')' : " = $user_id_ary");
$sql .= ' ' . $db->sql_in_set('ug.group_id', $group_id_ary);
}
else if ($group_id_ary)
if ($user_id_ary)
{
$sql .= " ug.group_id " . ((is_array($group_id_ary)) ? ' IN (' . implode(', ', $group_id_ary) . ')' : " = $group_id_ary");
}
else if ($user_id_ary)
{
$sql .= " ug.user_id " . ((is_array($user_id_ary)) ? ' IN (' . implode(', ', $user_id_ary) . ')' : " = $user_id_ary");
$sql .= ($group_id_ary) ? ' AND ' : ' ';
$sql .= $db->sql_in_set('ug.user_id', $user_id_ary);
}
$result = ($return_bool) ? $db->sql_query_limit($sql, 1) : $db->sql_query($sql);


@ -16,6 +16,8 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
global $template, $db, $user, $auth, $cache;
global $phpEx, $phpbb_root_path, $config;
include_once($phpbb_root_path . 'includes/functions_display.' . $phpEx);
$url = append_sid("{$phpbb_root_path}mcp.$phpEx?" . extra_url());
if ($action == 'merge_select')
@ -61,10 +63,10 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
$template->assign_vars(array(
'FORUM_NAME' => $forum_info['forum_name'],
'FORUM_DESCRIPTION' => generate_text_for_display($forum_info['forum_desc'], $forum_info['forum_desc_uid'], $forum_info['forum_desc_bitfield']),
'FORUM_DESCRIPTION' => generate_text_for_display($forum_info['forum_desc'], $forum_info['forum_desc_uid'], $forum_info['forum_desc_bitfield'], $forum_info['forum_desc_options']),
'REPORTED_IMG' => $user->img('icon_reported', 'TOPIC_REPORTED'),
'UNAPPROVED_IMG' => $user->img('icon_unapproved', 'TOPIC_UNAPPROVED'),
'REPORTED_IMG' => $user->img('icon_topic_reported', 'TOPIC_REPORTED'),
'UNAPPROVED_IMG' => $user->img('icon_topic_unapproved', 'TOPIC_UNAPPROVED'),
'S_CAN_DELETE' => $auth->acl_get('m_delete', $forum_id),
'S_CAN_MOVE' => $auth->acl_get('m_move', $forum_id),
@ -107,56 +109,11 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
{
$topic_title = '';
if ($row['topic_status'] == ITEM_LOCKED)
{
$folder_img = 'folder_locked';
$folder_alt = 'VIEW_TOPIC_LOCKED';
}
else
{
if ($row['topic_type'] == POST_ANNOUNCE || $row['topic_type'] == POST_GLOBAL)
{
$folder_img = 'folder_announce';
$folder_alt = 'VIEW_TOPIC_ANNOUNCEMENT';
}
else if ($row['topic_type'] == POST_STICKY)
{
$folder_img = 'folder_sticky';
$folder_alt = 'VIEW_TOPIC_STICKY';
}
else if ($row['topic_status'] == ITEM_MOVED)
{
$folder_img = 'folder_moved';
$folder_alt = 'VIEW_TOPIC_MOVED';
}
else
{
$folder_img = 'folder';
$folder_alt = 'NO_NEW_POSTS';
}
}
$replies = ($auth->acl_get('m_approve', $forum_id)) ? $row['topic_replies_real'] : $row['topic_replies'];
if ($row['topic_type'] == POST_ANNOUNCE || $row['topic_type'] == POST_GLOBAL)
{
$topic_type = $user->lang['VIEW_TOPIC_ANNOUNCEMENT'] . ' ';
}
else if ($row['topic_type'] == POST_STICKY)
{
$topic_type = $user->lang['VIEW_TOPIC_STICKY'] . ' ';
}
else if ($row['topic_status'] == ITEM_MOVED)
{
$topic_type = $user->lang['VIEW_TOPIC_MOVED'] . ' ';
}
else
{
$topic_type = '';
}
if (intval($row['poll_start']))
{
$topic_type .= $user->lang['VIEW_TOPIC_POLL'] . ' ';
}
// Get folder img, topic status/type related informations
$folder_img = $folder_alt = $topic_type = '';
topic_status($row, $replies, false, $folder_img, $folder_alt, $topic_type);
$topic_title = censor_text($row['topic_title']);
@ -172,13 +129,13 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
'U_MCP_QUEUE' => $u_mcp_queue,
'U_MCP_REPORT' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&amp;mode=topic_view&amp;t=' . $row['topic_id'] . '&amp;action=reports'),
'ATTACH_ICON_IMG' => ($auth->acl_gets('f_download', 'u_download', $row['forum_id']) && $row['topic_attachment']) ? $user->img('icon_attach', $user->lang['TOTAL_ATTACHMENTS']) : '',
'ATTACH_ICON_IMG' => ($auth->acl_gets('f_download', 'u_download', $row['forum_id']) && $row['topic_attachment']) ? $user->img('icon_topic_attach', $user->lang['TOTAL_ATTACHMENTS']) : '',
'TOPIC_FOLDER_IMG' => $user->img($folder_img, $folder_alt),
'TOPIC_FOLDER_IMG_SRC' => $user->img($folder_img, $folder_alt, false, '', 'src'),
'TOPIC_ICON_IMG' => (!empty($icons[$row['icon_id']])) ? $icons[$row['icon_id']]['img'] : '',
'TOPIC_ICON_IMG_WIDTH' => (!empty($icons[$row['icon_id']])) ? $icons[$row['icon_id']]['width'] : '',
'TOPIC_ICON_IMG_HEIGHT' => (!empty($icons[$row['icon_id']])) ? $icons[$row['icon_id']]['height'] : '',
'UNAPPROVED_IMG' => ($topic_unapproved || $posts_unapproved) ? $user->img('icon_unapproved', ($topic_unapproved) ? 'TOPIC_UNAPPROVED' : 'POSTS_UNAPPROVED') : '',
'UNAPPROVED_IMG' => ($topic_unapproved || $posts_unapproved) ? $user->img('icon_topic_unapproved', ($topic_unapproved) ? 'TOPIC_UNAPPROVED' : 'POSTS_UNAPPROVED') : '',
'TOPIC_TYPE' => $topic_type,
'TOPIC_TITLE' => $topic_title,
@ -220,7 +177,7 @@ function mcp_resync_topics($topic_ids)
$sql = 'SELECT topic_id, forum_id, topic_title
FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$result = $db->sql_query($sql);
// Log this action
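Review bot: The bare `false` passed as the third argument of `topic_status()` in mcp_forum_view is unexplained, and the new `include_once` of functions_display gives no reason either. Presumably the include is what brings `topic_status()` into scope and the `false` is its unread flag, so `// needed for topic_status()` on the include and `// MCP listing does not track read state` above the call would save the next reader a lookup. Both assumptions should be confirmed against the helper's signature, which is not part of this page.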


@ -41,7 +41,7 @@ function mcp_front_view($id, $mode, $action)
$sql = 'SELECT forum_id, forum_name
FROM ' . FORUMS_TABLE . '
WHERE forum_id IN (' . implode(', ', $forum_list) . ')';
WHERE ' . $db->sql_in_set('forum_id', $forum_list);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -54,7 +54,7 @@ function mcp_front_view($id, $mode, $action)
FROM ' . POSTS_TABLE . '
WHERE forum_id IN (0, ' . implode(', ', $forum_list) . ')
AND post_approved = 0
ORDER BY post_id DESC';
ORDER BY post_time DESC';
$result = $db->sql_query_limit($sql, 5);
while ($row = $db->sql_fetchrow($result))
@ -65,10 +65,10 @@ function mcp_front_view($id, $mode, $action)
$sql = 'SELECT p.post_id, p.post_subject, p.post_time, p.poster_id, p.post_username, u.username, t.topic_id, t.topic_title, t.topic_first_post_id, p.forum_id
FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . ' u
WHERE p.post_id IN (' . implode(', ', $post_list) . ')
WHERE ' . $db->sql_in_set('p.post_id', $post_list) . '
AND t.topic_id = p.topic_id
AND p.poster_id = u.user_id
ORDER BY p.post_id DESC';
ORDER BY p.post_time DESC';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -158,7 +158,7 @@ function mcp_front_view($id, $mode, $action)
AND r.user_id = u.user_id
AND p.forum_id IN (0, ' . implode(', ', $forum_list) . ')',
'ORDER_BY' => 'p.post_id DESC'
'ORDER_BY' => 'p.post_time DESC'
));
$result = $db->sql_query_limit($sql, 5);
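Review bot: Two queries in mcp_front_view still build their forum filter by hand, `forum_id IN (0, ' . implode(', ', $forum_list) . ')` in the unapproved-posts query and `p.forum_id IN (0, ...)` in the reports query, while the neighbouring lookups were moved to `$db->sql_in_set()`. The hand-built form yields `IN (0, )` if `$forum_list` is ever empty and bypasses whatever value handling `sql_in_set()` applies; whether an empty list is ruled out earlier is not visible in these hunks. Suggest `$db->sql_in_set('forum_id', array_merge(array(0), $forum_list))` in both places so every list filter in the function goes through the same helper.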


@ -43,8 +43,8 @@ class mcp_logs
// Set up general vars
$start = request_var('start', 0);
$deletemark = (isset($_POST['del_marked'])) ? true : false;
$deleteall = (isset($_POST['del_all'])) ? true : false;
$deletemark = ($action == 'del_marked') ? true : false;
$deleteall = ($action == 'del_all') ? true : false;
$marked = request_var('mark', array(0));
// Sort keys
@ -84,14 +84,14 @@ class mcp_logs
$sql_in[] = $mark;
}
$where_sql = ' AND log_id IN (' . implode(', ', $sql_in) . ')';
$where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
unset($sql_in);
}
if ($where_sql || $deleteall)
{
$sql = 'DELETE FROM ' . LOG_TABLE . '
WHERE log_type = ' . LOD_MOD . "
WHERE log_type = ' . LOG_MOD . "
$where_sql";
$db->sql_query($sql);
@ -102,7 +102,7 @@ class mcp_logs
// Sorting
$limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
$sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']);
$sort_by_sql = array('u' => 'l.user_id', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation');
$sort_by_sql = array('u' => 'u.username', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation');
$s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
@ -121,6 +121,8 @@ class mcp_logs
'TOTAL' => ($log_count == 1) ? $user->lang['TOTAL_LOG'] : sprintf($user->lang['TOTAL_LOGS'], $log_count),
'PAGINATION' => generate_pagination($this->u_action . "&amp;$u_sort_param", $log_count, $config['topics_per_page'], $start),
'L_TITLE' => $user->lang['MCP_LOGS'],
'U_POST_ACTION' => $this->u_action,
'S_CLEAR_ALLOWED' => ($auth->acl_get('a_clearlogs')) ? true : false,
'S_SELECT_SORT_DIR' => $s_sort_dir,
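Review bot: Log deletion in mcp_logs is now keyed on `$action == 'del_marked'` / `'del_all'` instead of the presence of a POST field, and nothing visible in these hunks keeps the `DELETE FROM ' . LOG_TABLE` statement behind a POST-only check or a confirmation step. If `$action` can also arrive in the query string, clearing the moderator log becomes reachable from a plain link, which is a cross-site request forgery risk and removes audit evidence. The delete branch should require the same `confirm_box(true)` gate that lock_unlock uses elsewhere in this commit, and should test `$auth->acl_get('a_clearlogs')` itself rather than only exporting it as `S_CLEAR_ALLOWED`. The enclosing method starts and ends outside the hunks, so an existing guard there would settle this.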


@ -224,8 +224,8 @@ function lock_unlock($action, $ids)
if (confirm_box(true))
{
$sql = "UPDATE $table
SET $set_id = " . (($action == 'lock' || $action == 'lock_post') ? ITEM_LOCKED : ITEM_UNLOCKED) . "
WHERE $sql_id IN (" . implode(', ', $ids) . ")";
SET $set_id = " . (($action == 'lock' || $action == 'lock_post') ? ITEM_LOCKED : ITEM_UNLOCKED) . '
WHERE ' . $db->sql_in_set($sql_id, $ids);
$db->sql_query($sql);
$data = ($action == 'lock' || $action == 'unlock') ? get_topic_data($ids) : get_post_data($ids);
@ -311,7 +311,7 @@ function change_topic_type($action, $topic_ids)
{
$sql = 'UPDATE ' . TOPICS_TABLE . "
SET topic_type = $new_topic_type
WHERE topic_id IN (" . implode(', ', $topic_ids) . ')
WHERE " . $db->sql_in_set('topic_id', $topic_ids) . '
AND forum_id <> 0';
$db->sql_query($sql);
@ -320,26 +320,68 @@ function change_topic_type($action, $topic_ids)
{
$sql = 'UPDATE ' . TOPICS_TABLE . "
SET topic_type = $new_topic_type, forum_id = $forum_id
WHERE topic_id IN (" . implode(', ', $topic_ids) . ')
WHERE " . $db->sql_in_set('topic_id', $topic_ids) . '
AND forum_id = 0';
$db->sql_query($sql);
// Update forum_ids for all posts
$sql = 'UPDATE ' . POSTS_TABLE . "
SET forum_id = $forum_id
WHERE " . $db->sql_in_set('topic_id', $topic_ids) . '
AND forum_id = 0';
$db->sql_query($sql);
sync('forum', 'forum_id', $forum_id);
}
}
else
{
$sql = 'UPDATE ' . TOPICS_TABLE . "
SET topic_type = $new_topic_type, forum_id = 0
WHERE topic_id IN (" . implode(', ', $topic_ids) . ")";
$db->sql_query($sql);
// Get away with those topics already being a global announcement by re-calculating $topic_ids
$sql = 'SELECT topic_id
FROM ' . TOPICS_TABLE . '
WHERE ' . $db->sql_in_set('topic_id', $topic_ids) . '
AND forum_id <> 0';
$result = $db->sql_query($sql);
$topic_ids = array();
while ($row = $db->sql_fetchrow($result))
{
$topic_ids[] = $row['topic_id'];
}
$db->sql_freeresult($result);
if (sizeof($topic_ids))
{
// Delete topic shadows for global announcements
$sql = 'DELETE FROM ' . TOPICS_TABLE . '
WHERE ' . $db->sql_in_set('topic_moved_id', $topic_ids);
$db->sql_query($sql);
$sql = 'UPDATE ' . TOPICS_TABLE . "
SET topic_type = $new_topic_type, forum_id = 0
WHERE " . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql);
// Update forum_ids for all posts
$sql = 'UPDATE ' . POSTS_TABLE . '
SET forum_id = 0
WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql);
sync('forum', 'forum_id', $forum_id);
}
}
$success_msg = (sizeof($topic_ids) == 1) ? 'TOPIC_TYPE_CHANGED' : 'TOPICS_TYPE_CHANGED';
$data = get_topic_data($topic_ids);
foreach ($data as $topic_id => $row)
if (sizeof($topic_ids))
{
add_log('mod', $forum_id, $topic_id, 'LOG_TOPIC_TYPE_CHANGED', $row['topic_title']);
$data = get_topic_data($topic_ids);
foreach ($data as $topic_id => $row)
{
add_log('mod', $forum_id, $topic_id, 'LOG_TOPIC_TYPE_CHANGED', $row['topic_title']);
}
}
}
else
@ -480,7 +522,7 @@ function mcp_move_topic($topic_ids)
else
{
$template->assign_vars(array(
'S_FORUM_SELECT' => make_forum_select($to_forum_id, $forum_id, false, true, true),
'S_FORUM_SELECT' => make_forum_select($to_forum_id, $forum_id, false, true, true, true),
'S_CAN_LEAVE_SHADOW' => true,
'ADDITIONAL_MSG' => $additional_msg)
);
@ -541,11 +583,7 @@ function mcp_delete_topic($topic_ids)
add_log('mod', $forum_id, 0, 'LOG_TOPIC_DELETED', $row['topic_title']);
}
$return = delete_topics('topic_id', $topic_ids, true);
/**
* @todo Adjust total post count (mcp_delete_topic)
*/
$return = delete_topics('topic_id', $topic_ids);
}
else
{
@ -602,7 +640,7 @@ function mcp_delete_post($post_ids)
$sql = 'SELECT DISTINCT topic_id
FROM ' . POSTS_TABLE . '
WHERE post_id IN (' . implode(', ', $post_ids) . ')';
WHERE ' . $db->sql_in_set('post_id', $post_ids);
$result = $db->sql_query($sql);
$topic_id_list = array();
@ -625,7 +663,7 @@ function mcp_delete_post($post_ids)
$sql = 'SELECT COUNT(topic_id) AS topics_left
FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', $topic_id_list) . ')';
WHERE ' . $db->sql_in_set('topic_id', $topic_id_list);
$result = $db->sql_query_limit($sql, 1);
$deleted_topics = ($row = $db->sql_fetchrow($result)) ? ($affected_topics - $row['topics_left']) : $affected_topics;
@ -809,7 +847,7 @@ function mcp_fork_topic($topic_ids)
$sql = 'SELECT *
FROM ' . POSTS_TABLE . "
WHERE topic_id = $topic_id
ORDER BY post_id ASC";
ORDER BY post_time ASC";
$result = $db->sql_query($sql);
$post_rows = array();
@ -848,7 +886,7 @@ function mcp_fork_topic($topic_ids)
'post_checksum' => (string) $row['post_checksum'],
'post_encoding' => (string) $row['post_encoding'],
'post_attachment' => (int) $row['post_attachment'],
'bbcode_bitfield' => (int) $row['bbcode_bitfield'],
'bbcode_bitfield' => $row['bbcode_bitfield'],
'bbcode_uid' => (string) $row['bbcode_uid'],
'post_edit_time' => (int) $row['post_edit_time'],
'post_edit_count' => (int) $row['post_edit_count'],
@ -880,7 +918,7 @@ function mcp_fork_topic($topic_ids)
'physical_filename' => (string) basename($attach_row['physical_filename']),
'real_filename' => (string) basename($attach_row['real_filename']),
'download_count' => (int) $attach_row['download_count'],
'comment' => (string) $attach_row['comment'],
'attach_comment' => (string) $attach_row['attach_comment'],
'extension' => (string) $attach_row['extension'],
'mimetype' => (string) $attach_row['mimetype'],
'filesize' => (int) $attach_row['filesize'],
@ -898,8 +936,8 @@ function mcp_fork_topic($topic_ids)
// Sync new topics, parent forums and board stats
sync('topic', 'topic_id', $new_topic_id_list, true);
sync('forum', 'forum_id', $to_forum_id, true);
set_config('num_topics', $config['num_topics'] + sizeof($new_topic_id_list));
set_config('num_posts', $config['num_posts'] + $total_posts);
set_config('num_topics', $config['num_topics'] + sizeof($new_topic_id_list), true);
set_config('num_posts', $config['num_posts'] + $total_posts, true);
foreach ($new_topic_id_list as $topic_id => $new_topic_id)
{
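Review bot: In the global-announcement branch of change_topic_type, `$topic_ids` is rebuilt from the `forum_id <> 0` query and can come back empty, yet `$success_msg` is still set afterwards and evaluates to 'TOPICS_TYPE_CHANGED'. The moderator is then told the type changed while the new `if (sizeof($topic_ids))` guard skips every `add_log()` call, so the reported outcome and the moderation log disagree. Consider returning early or choosing a different message when the recalculated list is empty. The part of the function that consumes `$success_msg` lies outside the hunk.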


@ -68,7 +68,7 @@ class mcp_notes
global $template, $db, $user, $auth;
$user_id = request_var('u', 0);
$username = request_var('username', '', true);
$username = request_var('username', '');
$start = request_var('start', 0);
$st = request_var('st', 0);
$sk = request_var('sk', 'b');
@ -106,7 +106,7 @@ class mcp_notes
{
$sql_in[] = $mark;
}
$where_sql = ' AND log_id IN (' . implode(', ', $sql_in) . ')';
$where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
unset($sql_in);
}
@ -161,7 +161,7 @@ class mcp_notes
$limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
$sort_by_text = array('a' => $user->lang['SORT_USERNAME'], 'b' => $user->lang['SORT_DATE'], 'c' => $user->lang['SORT_IP'], 'd' => $user->lang['SORT_ACTION']);
$sort_by_sql = array('a' => 'l.user_id', 'b' => 'l.log_time', 'c' => 'l.log_ip', 'd' => 'l.log_operation');
$sort_by_sql = array('a' => 'l.username', 'b' => 'l.log_time', 'c' => 'l.log_ip', 'd' => 'l.log_operation');
$s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
gen_sort_selects($limit_days, $sort_by_text, $st, $sk, $sd, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
@ -184,6 +184,7 @@ class mcp_notes
'REPORT_BY' => $row['username'],
'REPORT_AT' => $user->format_date($row['time']),
'ACTION' => $row['action'],
'IP' => $row['ip'],
'ID' => $row['id'])
);
}
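Review bot: The username sort key in mcp_notes now maps to `l.username`, while the same change in mcp_logs maps it to `u.username`. If `l` aliases the log table here, as the other `l.log_*` columns suggest, that table may not carry a username column and the sort would fail at query time; the query that consumes `$sort_by_sql` is outside the hunk, so this needs checking there. If the users table is joined as `u`, the entry should read `'a' => 'u.username'`.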


@ -59,7 +59,7 @@ function mcp_post_details($id, $mode, $action)
if ($action == 'chgposter')
{
$username = request_var('username', '', true);
$username = request_var('username', '');
$sql_where = "username = '" . $db->sql_escape($username) . "'";
}
else
@ -125,13 +125,15 @@ function mcp_post_details($id, $mode, $action)
'U_MCP_REPORT' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&amp;mode=report_details&amp;f=' . $post_info['forum_id'] . '&amp;p=' . $post_id),
'U_MCP_USER_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&amp;mode=user_notes&amp;u=' . $post_info['user_id']),
'U_MCP_WARN_USER' => ($auth->acl_getf_global('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&amp;mode=warn_user&amp;u=' . $post_info['user_id']) : '',
'U_VIEW_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&amp;p=' . $post_info['post_id'] . '#p' . $post_info['post_id']),
'U_VIEW_PROFILE' => ($post_info['user_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $post_info['user_id']) : '',
'U_VIEW_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&amp;t=' . $post_info['topic_id']),
'RETURN_TOPIC' => sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f={$post_info['forum_id']}&amp;p=$post_id") . "#p$post_id\">", '</a>'),
'RETURN_FORUM' => sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", "f={$post_info['forum_id']}&amp;start={$start}") . '">', '</a>'),
'REPORTED_IMG' => $user->img('icon_reported', $user->lang['POST_REPORTED']),
'UNAPPROVED_IMG' => $user->img('icon_unapproved', $user->lang['POST_UNAPPROVED']),
'EDIT_IMG' => $user->img('btn_edit', $user->lang['EDIT_POST']),
'REPORTED_IMG' => $user->img('icon_topic_reported', $user->lang['POST_REPORTED']),
'UNAPPROVED_IMG' => $user->img('icon_topic_unapproved', $user->lang['POST_UNAPPROVED']),
'EDIT_IMG' => $user->img('icon_post_edit', $user->lang['EDIT_POST']),
'POSTER_NAME' => $poster,
'POST_PREVIEW' => $message,
@ -334,31 +336,20 @@ function change_poster(&$post_info, $userdata)
$db->sql_query($sql);
// Resync topic/forum if needed
if ($post_info['topic_last_post_id'] == $post_id || $post_info['forum_last_post_id'] == $post_id)
if ($post_info['topic_last_post_id'] == $post_id || $post_info['forum_last_post_id'] == $post_id || $post_info['topic_first_post_id'] == $post_id)
{
sync('topic', 'topic_id', $post_info['topic_id'], false, false);
sync('forum', 'forum_id', $post_info['forum_id'], false, false);
}
// Adjust post counts
$auth_user_from = new auth();
$auth_user_from->acl($post_info);
$auth_user_to = new auth();
$auth_user_to->acl($userdata);
// Decrease post count by one for the old user
if ($auth_user_from->acl_get('f_postcount', $post_info['forum_id']))
if ($post_info['post_postcount'])
{
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_posts = user_posts - 1
WHERE user_id = ' . $post_info['user_id'];
$db->sql_query($sql);
}
// Increase post count by one for the new user
if ($auth_user_to->acl_get('f_postcount', $post_info['forum_id']))
{
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_posts = user_posts + 1
WHERE user_id = ' . $userdata['user_id'];
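Review bot: The new `U_VIEW_POST` entry in mcp_post_details passes the `#p…` fragment inside the parameter string given to `append_sid()`, whereas `RETURN_TOPIC` a few lines below appends `#p$post_id` after the call returns. If `append_sid()` adds the session id after the supplied parameters, the sid ends up inside the fragment and is never sent to the server, so the link drops the session; whether the helper handles anchors itself is not visible here. Safer form: `append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&amp;p=' . $post_info['post_id']) . '#p' . $post_info['post_id']`. The same pattern is added in the mcp_queue and mcp_reports sections.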


@ -131,12 +131,14 @@ class mcp_queue
'U_MCP_REPORT' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&amp;mode=report_details&amp;f=' . $post_info['forum_id'] . '&amp;p=' . $post_id),
'U_MCP_USER_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&amp;mode=user_notes&amp;u=' . $post_info['user_id']),
'U_MCP_WARN_USER' => ($auth->acl_getf_global('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&amp;mode=warn_user&amp;u=' . $post_info['user_id']) : '',
'U_VIEW_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&amp;p=' . $post_info['post_id'] . '#p' . $post_info['post_id']),
'U_VIEW_PROFILE' => ($post_info['user_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $post_info['user_id']) : '',
'U_VIEW_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&amp;t=' . $post_info['topic_id']),
'RETURN_QUEUE' => sprintf($user->lang['RETURN_QUEUE'], '<a href="' . append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue' . (($topic_id) ? '&amp;mode=unapproved_topics' : '&amp;mode=unapproved_posts')) . "&amp;start=$start\">", '</a>'),
'REPORTED_IMG' => $user->img('icon_reported', $user->lang['POST_REPORTED']),
'UNAPPROVED_IMG' => $user->img('icon_unapproved', $user->lang['POST_UNAPPROVED']),
'EDIT_IMG' => $user->img('btn_edit', $user->lang['EDIT_POST']),
'REPORTED_IMG' => $user->img('icon_topic_reported', $user->lang['POST_REPORTED']),
'UNAPPROVED_IMG' => $user->img('icon_topic_unapproved', $user->lang['POST_UNAPPROVED']),
'EDIT_IMG' => $user->img('icon_post_edit', $user->lang['EDIT_POST']),
'POSTER_NAME' => $poster,
'POST_PREVIEW' => $message,
@ -179,6 +181,8 @@ class mcp_queue
$forum_list[] = $row['forum_id'];
}
$global_id = $forum_list[0];
if (!($forum_list = implode(', ', $forum_list)))
{
trigger_error('NOT_MODERATOR');
@ -190,8 +194,6 @@ class mcp_queue
$result = $db->sql_query($sql);
$forum_info['forum_topics'] = (int) $db->sql_fetchfield('sum_forum_topics');
$db->sql_freeresult($result);
$global_id = $forum_list[0];
}
else
{
@ -248,11 +250,11 @@ class mcp_queue
if (sizeof($post_ids))
{
$sql = 'SELECT t.topic_id, t.topic_title, t.forum_id, p.post_id, p.post_username, p.poster_id, p.post_time, u.username
FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . " u
WHERE p.post_id IN (" . implode(', ', $post_ids) . ")
$sql = 'SELECT t.topic_id, t.topic_title, t.forum_id, p.post_id, p.post_subject, p.post_username, p.poster_id, p.post_time, u.username
FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . ' u
WHERE ' . $db->sql_in_set('p.post_id', $post_ids) . '
AND t.topic_id = p.topic_id
AND u.user_id = p.poster_id";
AND u.user_id = p.poster_id';
$result = $db->sql_query($sql);
$post_data = $rowset = array();
@ -279,7 +281,7 @@ class mcp_queue
}
else
{
$sql = 'SELECT t.forum_id, t.topic_id, t.topic_title, t.topic_time AS post_time, t.topic_poster AS poster_id, t.topic_first_post_id AS post_id, t.topic_first_poster_name AS username
$sql = 'SELECT t.forum_id, t.topic_id, t.topic_title, t.topic_title AS post_subject, t.topic_time AS post_time, t.topic_poster AS poster_id, t.topic_first_post_id AS post_id, t.topic_first_poster_name AS username
FROM ' . TOPICS_TABLE . " t
WHERE topic_approved = 0
AND forum_id IN (0, $forum_list)
@ -304,7 +306,7 @@ class mcp_queue
// Select the names for the forum_ids
$sql = 'SELECT forum_id, forum_name
FROM ' . FORUMS_TABLE . '
WHERE forum_id IN (' . implode(',', $forum_names) . ')';
WHERE ' . $db->sql_in_set('forum_id', $forum_names);
$result = $db->sql_query($sql, 3600);
$forum_names = array();
@ -334,15 +336,13 @@ class mcp_queue
$template->assign_block_vars('postrow', array(
'U_VIEWFORUM' => (!$global_topic) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : '',
// Q: Why accessing the topic by a post_id instead of its topic_id?
// A: To prevent the post from being hidden because of wrong encoding or different charset
'U_VIEWTOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&amp;p=' . $row['post_id']) . (($mode == 'unapproved_posts') ? '#p' . $row['post_id'] : ''),
'U_VIEWPOST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&amp;p=' . $row['post_id']) . (($mode == 'unapproved_posts') ? '#p' . $row['post_id'] : ''),
'U_VIEW_DETAILS' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&amp;start=$start&amp;mode=approve_details&amp;f={$row['forum_id']}&amp;p={$row['post_id']}" . (($mode == 'unapproved_topics') ? "&amp;t={$row['topic_id']}" : '')),
'U_VIEWPROFILE' => ($row['poster_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['poster_id']) : '',
'POST_ID' => $row['post_id'],
'FORUM_NAME' => (!$global_topic) ? $forum_names[$row['forum_id']] : $user->lang['GLOBAL_ANNOUNCEMENT'],
'TOPIC_TITLE' => $row['topic_title'],
'POST_SUBJECT' => $row['post_subject'],
'POSTER' => $poster,
'POST_TIME' => $user->format_date($row['post_time']))
);
@ -358,6 +358,7 @@ class mcp_queue
'S_FORUM_OPTIONS' => $forum_options,
'S_MCP_ACTION' => build_url(array('t', 'f', 'sd', 'st', 'sk')),
'S_TOPICS' => ($mode == 'unapproved_posts') ? false : true,
'PAGINATION' => generate_pagination($this->u_action . "&amp;f=$forum_id", $total, $config['topics_per_page'], $start),
'PAGE_NUMBER' => on_page($total, $config['topics_per_page'], $start),
@ -448,7 +449,7 @@ function approve_post($post_id_list, $mode)
{
$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_approved = 1
WHERE topic_id IN (' . implode(', ', $topic_approve_sql) . ')';
WHERE ' . $db->sql_in_set('topic_id', $topic_approve_sql);
$db->sql_query($sql);
}
@ -456,7 +457,7 @@ function approve_post($post_id_list, $mode)
{
$sql = 'UPDATE ' . POSTS_TABLE . '
SET post_approved = 1
WHERE post_id IN (' . implode(', ', $post_approve_sql) . ')';
WHERE ' . $db->sql_in_set('post_id', $post_approve_sql);
$db->sql_query($sql);
}
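Review bot: `$global_id = $forum_list[0];` now runs before the `if (!($forum_list = implode(', ', $forum_list)))` check, so for a user with no moderated forums it reads an undefined offset just ahead of the `NOT_MODERATOR` error. Testing the array first keeps the error path clean: `if (!sizeof($forum_list)) { trigger_error('NOT_MODERATOR'); }`, followed by the assignment and then the `implode()`. The `AND forum_id IN (0, $forum_list)` filter further down also remains string-built while the other lists in this section moved to `$db->sql_in_set()`. The surrounding block starts and ends outside the hunk.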


@ -61,20 +61,14 @@ class mcp_reports
$post_id = request_var('p', 0);
$post_info = get_post_data(array($post_id), 'm_approve');
// closed reports are accessed by report id
$report_id = request_var('r', 0);
if (!sizeof($post_info))
{
trigger_error('NO_POST_SELECTED');
}
$post_info = $post_info[$post_id];
$sql = 'SELECT r.user_id, r.report_closed, report_time, r.report_text, rr.reason_title, rr.reason_description, u.username
FROM ' . REPORTS_TABLE . ' r, ' . REPORTS_REASONS_TABLE . ' rr, ' . USERS_TABLE . " u
WHERE r.post_id = $post_id
$sql = 'SELECT r.post_id, r.user_id, r.report_closed, report_time, r.report_text, rr.reason_title, rr.reason_description, u.username
FROM ' . REPORTS_TABLE . ' r, ' . REPORTS_REASONS_TABLE . ' rr, ' . USERS_TABLE . ' u
WHERE ' . (($report_id) ? 'r.report_id = ' . $report_id : "r.post_id = $post_id AND r.report_closed = 0") . '
AND rr.reason_id = r.reason_id
AND r.user_id = u.user_id";
AND r.user_id = u.user_id';
$result = $db->sql_query($sql);
$report = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
@ -84,6 +78,20 @@ class mcp_reports
trigger_error('NO_POST_REPORT');
}
if ($report_id)
{
$post_id = $report['post_id'];
}
$post_info = get_post_data(array($post_id), 'm_report');
if (!sizeof($post_info))
{
trigger_error('NO_POST_SELECTED');
}
$post_info = $post_info[$post_id];
$reason = array('title' => $report['reason_title'], 'description' => $report['reason_description']);
if (isset($user->lang['report_reasons']['TITLE'][strtoupper($reason['title'])]) && isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($reason['title'])]))
{
@ -134,14 +142,16 @@ class mcp_reports
'U_MCP_USER_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&amp;mode=user_notes&amp;u=' . $post_info['user_id']),
'U_MCP_WARN_REPORTER' => ($auth->acl_getf_global('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&amp;mode=warn_user&amp;u=' . $report['user_id']) : '',
'U_MCP_WARN_USER' => ($auth->acl_getf_global('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&amp;mode=warn_user&amp;u=' . $post_info['user_id']) : '',
'U_VIEW_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&amp;p=' . $post_info['post_id'] . '#p' . $post_info['post_id']),
'U_VIEW_PROFILE' => ($post_info['user_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $post_info['user_id']) : '',
'U_VIEW_REPORTER_PROFILE' => ($report['user_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $report['user_id']) : '',
'U_VIEW_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&amp;t=' . $post_info['topic_id']),
'EDIT_IMG' => $user->img('btn_edit', $user->lang['EDIT_POST']),
'UNAPPROVED_IMG' => $user->img('icon_unapproved', $user->lang['POST_UNAPPROVED']),
'EDIT_IMG' => $user->img('icon_post_edit', $user->lang['EDIT_POST']),
'UNAPPROVED_IMG' => $user->img('icon_topic_unapproved', $user->lang['POST_UNAPPROVED']),
'RETURN_REPORTS' => sprintf($user->lang['RETURN_REPORTS'], '<a href="' . append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports' . (($post_info['post_reported']) ? '&amp;mode=reports' : '&amp;mode=reports_closed') . '&amp;start=' . $start) . '">', '</a>'),
'REPORTED_IMG' => $user->img('icon_reported', $user->lang['POST_REPORTED']),
'REPORTED_IMG' => $user->img('icon_topic_reported', $user->lang['POST_REPORTED']),
'REPORT_REASON_TITLE' => $reason['title'],
'REPORT_REASON_DESCRIPTION' => $reason['description'],
'REPORTER_NAME' => ($report['user_id'] == ANONYMOUS) ? $user->lang['GUEST'] : $report['username'],
@ -181,22 +191,25 @@ class mcp_reports
$forum_id = $topic_info['forum_id'];
}
$forum_list = array();
if (!$forum_id)
{
$forum_list = array();
foreach ($forum_list_reports as $row)
{
$forum_list[] = $row['forum_id'];
}
if (!($forum_list = implode(', ', $forum_list)))
$global_id = $forum_list[0];
if (!sizeof($forum_list))
{
trigger_error('NOT_MODERATOR');
}
$sql = 'SELECT SUM(forum_topics) as sum_forum_topics
FROM ' . FORUMS_TABLE . "
WHERE forum_id IN ($forum_list)";
FROM ' . FORUMS_TABLE . '
WHERE ' . $db->sql_in_set('forum_id', $forum_list);
$result = $db->sql_query($sql);
$forum_info['forum_topics'] = (int) $db->sql_fetchfield('sum_forum_topics');
$db->sql_freeresult($result);
@ -211,10 +224,11 @@ class mcp_reports
}
$forum_info = $forum_info[$forum_id];
$forum_list = $forum_id;
$forum_list = array($forum_id);
$global_id = $forum_id;
}
$forum_list .= ', 0';
$forum_list[] = 0;
$forum_data = array();
$forum_options = '<option value="0"' . (($forum_id == 0) ? ' selected="selected"' : '') . '>' . $user->lang['ALL_FORUMS'] . '</option>';
@ -242,9 +256,9 @@ class mcp_reports
$report_state = 'AND r.report_closed = 1';
}
$sql = 'SELECT p.post_id
FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . REPORTS_TABLE . ' r ' . (($sort_order_sql[0] == 'u') ? ', ' . USERS_TABLE . ' u' : '') . (($sort_order_sql[0] == 'r') ? ', ' . USERS_TABLE . ' ru' : '') . "
WHERE p.forum_id IN ($forum_list)
$sql = 'SELECT r.report_id
FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . REPORTS_TABLE . ' r ' . (($sort_order_sql[0] == 'u') ? ', ' . USERS_TABLE . ' u' : '') . (($sort_order_sql[0] == 'r') ? ', ' . USERS_TABLE . ' ru' : '') . '
WHERE ' . $db->sql_in_set('p.forum_id', $forum_list) . "
$report_state
AND r.post_id = p.post_id
" . (($sort_order_sql[0] == 'u') ? 'AND u.user_id = p.poster_id' : '') . '
@ -256,36 +270,28 @@ class mcp_reports
$result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);
$i = 0;
$post_ids = array();
$report_ids = array();
while ($row = $db->sql_fetchrow($result))
{
$post_ids[] = $row['post_id'];
$row_num[$row['post_id']] = $i++;
$report_ids[] = $row['report_id'];
$row_num[$row['report_id']] = $i++;
}
$db->sql_freeresult($result);
if (sizeof($post_ids))
if (sizeof($report_ids))
{
$sql = 'SELECT t.forum_id, t.topic_id, t.topic_title, p.post_id, p.post_subject, p.post_username, p.poster_id, p.post_time, u.username, r.user_id as reporter_id, ru.username as reporter_name, r.report_time
FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . REPORTS_TABLE . ' r, ' . USERS_TABLE . ' u, ' . USERS_TABLE . " ru
WHERE p.post_id IN (" . implode(', ', $post_ids) . ")
$sql = 'SELECT t.forum_id, t.topic_id, t.topic_title, p.post_id, p.post_subject, p.post_username, p.poster_id, p.post_time, u.username, r.user_id as reporter_id, ru.username as reporter_name, r.report_time, r.report_id
FROM ' . REPORTS_TABLE . ' r, ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . ' u, ' . USERS_TABLE . ' ru
WHERE ' . $db->sql_in_set('r.report_id', $report_ids) . '
AND t.topic_id = p.topic_id
AND r.post_id = p.post_id
AND u.user_id = p.poster_id
AND ru.user_id = r.user_id";
AND ru.user_id = r.user_id';
$result = $db->sql_query($sql);
$post_data = $rowset = array();
$report_data = $rowset = array();
while ($row = $db->sql_fetchrow($result))
{
$post_data[$row['post_id']] = $row;
}
$db->sql_freeresult($result);
foreach ($post_ids as $post_id)
{
$row = $post_data[$post_id];
if ($row['poster_id'] == ANONYMOUS)
{
$poster = (!empty($row['post_username'])) ? $row['post_username'] : $user->lang['GUEST'];
@ -295,16 +301,20 @@ class mcp_reports
$poster = $row['username'];
}
$global_topic = ($row['forum_id']) ? false : true;
if ($global_topic)
{
$row['forum_id'] = $global_id;
}
$template->assign_block_vars('postrow', array(
'U_VIEWFORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']),
// Q: Why accessing the topic by a post_id instead of its topic_id?
// A: To prevent the post from being hidden because of wrong encoding or different charset
'U_VIEWTOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&amp;p=' . $row['post_id']) . '#p' . $row['post_id'],
'U_VIEW_DETAILS' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=reports&amp;start=$start&amp;mode=report_details&amp;f={$forum_id}&amp;p={$row['post_id']}"),
'U_VIEWFORUM' => (!$global_topic) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : '',
'U_VIEWPOST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&amp;p=' . $row['post_id']) . '#p' . $row['post_id'],
'U_VIEW_DETAILS' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=reports&amp;start=$start&amp;mode=report_details&amp;f={$row['forum_id']}&amp;r={$row['report_id']}"),
'U_VIEW_POSTER_PROFILE' => ($row['poster_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['poster_id']) : '',
'U_VIEW_REPORTER_PROFILE' => ($row['reporter_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['reporter_id']) : '',
'FORUM_NAME' => ($row['forum_id']) ? $forum_data[$row['forum_id']]['forum_name'] : $user->lang['ALL_FORUMS'],
'FORUM_NAME' => (!$global_topic) ? $forum_data[$row['forum_id']]['forum_name'] : $user->lang['GLOBAL_ANNOUNCEMENT'],
'POSTER' => $poster,
'POST_ID' => $row['post_id'],
'POST_SUBJECT' => $row['post_subject'],
@ -314,7 +324,8 @@ class mcp_reports
'TOPIC_TITLE' => $row['topic_title'])
);
}
unset($post_data, $post_ids, $row);
$db->sql_freeresult($result);
unset($report_ids, $row);
}
// Now display the page
@ -377,7 +388,7 @@ function close_report($post_id_list, $mode, $action)
$sql = 'SELECT r.post_id, r.report_closed, r.user_id, r.user_notify, u.username, u.user_email, u.user_jabber, u.user_lang, u.user_notify_type
FROM ' . REPORTS_TABLE . ' r, ' . USERS_TABLE . ' u
WHERE r.post_id IN (' . implode(',', array_keys($post_info)) . ')
WHERE ' . $db->sql_in_set('r.post_id', array_keys($post_info)) . '
' . (($action == 'close') ? 'AND r.report_closed = 0' : '') . '
AND r.user_id = u.user_id';
$result = $db->sql_query($sql);
@ -411,9 +422,9 @@ function close_report($post_id_list, $mode, $action)
// Get a list of topics that still contain reported posts
$sql = 'SELECT DISTINCT topic_id
FROM ' . POSTS_TABLE . '
WHERE topic_id IN (' . implode(', ', $close_report_topics) . ')
WHERE ' . $db->sql_in_set('topic_id', $close_report_topics) . '
AND post_reported = 1
AND post_id NOT IN (' . implode(', ', $close_report_posts) . ')';
AND ' . $db->sql_in_set('post_id', $close_report_posts, true);
$result = $db->sql_query($sql);
$keep_report_topics = array();
@ -432,24 +443,27 @@ function close_report($post_id_list, $mode, $action)
{
$sql = 'UPDATE ' . REPORTS_TABLE . '
SET report_closed = 1
WHERE post_id IN (' . implode(', ', $close_report_posts) . ')';
WHERE ' . $db->sql_in_set('post_id', $close_report_posts);
}
else
{
$sql = 'DELETE FROM ' . REPORTS_TABLE . '
WHERE post_id IN (' . implode(', ', $close_report_posts) . ')';
WHERE ' . $db->sql_in_set('post_id', $close_report_posts);
}
$db->sql_query($sql);
$sql = 'UPDATE ' . POSTS_TABLE . '
SET post_reported = 0
WHERE post_id IN (' . implode(', ', $close_report_posts) . ')';
WHERE ' . $db->sql_in_set('post_id', $close_report_posts);
$db->sql_query($sql);
$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_reported = 0
WHERE topic_id IN (' . implode(', ', $close_report_topics) . ')';
$db->sql_query($sql);
if (sizeof($close_report_topics))
{
$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_reported = 0
WHERE ' . $db->sql_in_set('topic_id', $close_report_topics);
$db->sql_query($sql);
}
$db->sql_transaction('commit');
}
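Review bot: In the report list branch for `!$forum_id`, `$global_id = $forum_list[0];` is read before the `if (!sizeof($forum_list))` guard, so when `$forum_list_reports` yields no rows the code touches an undefined offset before `trigger_error('NOT_MODERATOR')` is reached. Moving the assignment below the guard keeps the refusal path free of notices: the `sizeof` check first, then `$global_id = $forum_list[0];`. The statement order is taken from the rendered page, where change markers and blank lines are lost, so confirm it against the file. The enclosing method starts and ends outside these hunks.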

View file

@ -88,11 +88,11 @@ function mcp_topic_view($id, $mode, $action)
$result = $db->sql_query_limit($sql, $posts_per_page, $start);
$rowset = array();
$bbcode_bitfield = 0;
$bbcode_bitfield = '';
while ($row = $db->sql_fetchrow($result))
{
$rowset[] = $row;
$bbcode_bitfield |= $row['bbcode_bitfield'];
$bbcode_bitfield = $bbcode_bitfield | base64_decode($row['bbcode_bitfield']);
}
$db->sql_freeresult($result);
@ -132,7 +132,7 @@ function mcp_topic_view($id, $mode, $action)
'POST_ID' => $row['post_id'],
'RETURN_TOPIC' => sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $topic_id) . '">', '</a>'),
'MINI_POST_IMG' => ($row['post_time'] > $user->data['user_lastvisit'] && $user->data['is_registered']) ? $user->img('icon_post_new', $user->lang['NEW_POST']) : $user->img('icon_post', $user->lang['POST']),
'MINI_POST_IMG' => ($row['post_time'] > $user->data['user_lastvisit'] && $user->data['is_registered']) ? $user->img('icon_post_target_unread', $user->lang['NEW_POST']) : $user->img('icon_post_target', $user->lang['POST']),
'S_POST_REPORTED' => ($row['post_reported']) ? true : false,
'S_POST_UNAPPROVED' => ($row['post_approved']) ? false : true,
@ -186,11 +186,11 @@ function mcp_topic_view($id, $mode, $action)
'POSTS_PER_PAGE' => $posts_per_page,
'ACTION' => $action,
'REPORTED_IMG' => $user->img('icon_reported', 'POST_REPORTED', false, true),
'UNAPPROVED_IMG' => $user->img('icon_unapproved', 'POST_UNAPPROVED', false, true),
'REPORTED_IMG' => $user->img('icon_topic_reported', 'POST_REPORTED', false, true),
'UNAPPROVED_IMG' => $user->img('icon_topic_unapproved', 'POST_UNAPPROVED', false, true),
'S_MCP_ACTION' => "$url&amp;i=$id&amp;mode=$mode&amp;action=$action&amp;start=$start",
'S_FORUM_SELECT' => '<select name="to_forum_id">' . (($to_forum_id) ? make_forum_select($to_forum_id) : make_forum_select($topic_info['forum_id'])) . '</select>',
'S_FORUM_SELECT' => ($to_forum_id) ? make_forum_select($to_forum_id, false, false, true, true, true) : make_forum_select($topic_info['forum_id'], false, false, true, true, true),
'S_CAN_SPLIT' => ($auth->acl_get('m_split', $topic_info['forum_id'])) ? true : false,
'S_CAN_MERGE' => ($auth->acl_get('m_merge', $topic_info['forum_id'])) ? true : false,
'S_CAN_DELETE' => ($auth->acl_get('m_delete', $topic_info['forum_id'])) ? true : false,
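Review bot: The accumulation `$bbcode_bitfield = $bbcode_bitfield | base64_decode($row['bbcode_bitfield']);` relies on PHP's byte-wise OR of two strings and deserves a comment, because the same operator silently becomes an integer OR as soon as one operand is not a string. A row that still holds the old integer form would also be decoded to unrelated bytes, since digits are valid base64 characters; whether such rows can exist after this release is not visible here. Suggested comment above the loop: `// bitfields are base64-encoded strings; | on two strings is a byte-wise OR, keep both operands strings`. mcp_topic_view's body continues outside the hunk.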


@ -188,6 +188,7 @@ function mcp_warn_post_view($id, $mode, $action)
global $template, $db, $user, $auth;
$post_id = request_var('p', 0);
$forum_id = request_var('f', 0);
$notify = (isset($_REQUEST['notify_user'])) ? true : false;
$warning = request_var('warning', '', true);
@ -210,6 +211,12 @@ function mcp_warn_post_view($id, $mode, $action)
trigger_error($user->lang['CANNOT_WARN_ANONYMOUS']);
}
// Prevent someone from warning themselves
if ($userrow['user_id'] == $user->data['user_id'])
{
trigger_error($user->lang['CANNOT_WARN_SELF']);
}
// Check if there is already a warning for this post to prevent multiple
// warnings for the same offence
$sql = 'SELECT post_id
@ -290,6 +297,8 @@ function mcp_warn_post_view($id, $mode, $action)
'AVATAR_IMG' => $avatar_img,
'RANK_IMG' => $rank_img,
'L_WARNING_POST_DEFAULT' => sprintf($user->lang['WARNING_POST_DEFAULT'], generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&amp;p=$post_id"),
)
);
}
@ -303,7 +312,7 @@ function mcp_warn_user_view($id, $mode, $action)
global $template, $db, $user, $auth;
$user_id = request_var('u', 0);
$username = request_var('username', '', true);
$username = request_var('username', '');
$notify = (isset($_REQUEST['notify_user'])) ? true : false;
$warning = request_var('warning', '', true);
@ -321,6 +330,12 @@ function mcp_warn_user_view($id, $mode, $action)
trigger_error('NO_USER');
}
// Prevent someone from warning themselves
if ($userrow['user_id'] == $user->data['user_id'])
{
trigger_error($user->lang['CANNOT_WARN_SELF']);
}
$user_id = $userrow['user_id'];
if ($warning && $action == 'add_warning')
@ -401,7 +416,7 @@ function add_warning($userrow, $warning, $send_pm = true, $post_id = 0)
'enable_smilies' => true,
'enable_urls' => false,
'icon_id' => 0,
'bbcode_bitfield' => (int) $message_parser->bbcode_bitfield,
'bbcode_bitfield' => $message_parser->bbcode_bitfield,
'bbcode_uid' => $message_parser->bbcode_uid,
'message' => $message_parser->message,
'address_list' => array('u' => array($userrow['user_id'] => 'to')),
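Review bot: The link placed in `L_WARNING_POST_DEFAULT` is built from `$forum_id = request_var('f', 0)`, a request parameter, rather than from the forum that post `$post_id` actually belongs to. The value is typed by its integer default, so this is not an injection problem, but the default warning text can carry a `viewtopic` link whose `f` does not match the post when the parameter is missing or altered. If the post row loaded earlier in mcp_warn_post_view exposes its forum id (that query is outside the hunk), use that value for the link and drop the extra request parameter. The function body starts and ends outside these hunks.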


@ -43,7 +43,9 @@ class bbcode_firstpass extends bbcode
}
global $user;
$this->bbcode_bitfield = 0;
$this->bbcode_bitfield = '';
$bitfield = new bitfield();
$size = strlen($this->message);
foreach ($this->bbcodes as $bbcode_name => $bbcode_data)
@ -72,10 +74,29 @@ class bbcode_firstpass extends bbcode
$new_size = strlen($this->message);
if ($size != $new_size)
{
$this->bbcode_bitfield |= (1 << $bbcode_data['bbcode_id']);
$bitfield->set($bbcode_data['bbcode_id']);
$size = $new_size;
}
}
$this->bbcode_bitfield = $bitfield->get_base64();
}
/**
* Prepare some bbcodes for better parsing
*/
function prepare_bbcodes()
{
// Add newline at the end and in front of each quote block to prevent parsing errors (urls, smilies, etc.)
if (strpos($this->message, '[quote') !== false)
{
$in = str_replace("\r\n", "\n", $this->message);
$this->message = preg_replace(array('#\[quote(=&quot;.*?&quot;)?\]([^\n])#is', '#([^\n])\[\/quote\]#is'), array("[quote\\1]\n\\2", "\\1\n[/quote]"), $this->message);
$this->message = preg_replace(array('#\[quote(=&quot;.*?&quot;)?\]([^\n])#is', '#([^\n])\[\/quote\]#is'), array("[quote\\1]\n\\2", "\\1\n[/quote]"), $this->message);
}
// Add other checks which needs to be placed before actually parsing anything (be it bbcodes, smilies, urls...)
}
/**
@ -97,7 +118,7 @@ class bbcode_firstpass extends bbcode
'url' => array('bbcode_id' => 3, 'regexp' => array('#\[url(=(.*))?\](.*)\[/url\]#iUe' => "\$this->validate_url('\$2', '\$3')")),
'img' => array('bbcode_id' => 4, 'regexp' => array('#\[img\](https?://)([a-z0-9\-\.,\?!%\*_:;~\\&$@/=\+]+)\[/img\]#ie' => "\$this->bbcode_img('\$1\$2')")),
'size' => array('bbcode_id' => 5, 'regexp' => array('#\[size=([\-\+]?[1-2]?[0-9])\](.*?)\[/size\]#ise' => "\$this->bbcode_size('\$1', '\$2')")),
'color' => array('bbcode_id' => 6, 'regexp' => array('!\[color=(#[0-9A-F]{6}|[a-z\-]+)\](.*?)\[/color\]!ise' => "\$this->bbcode_color('\$1', '\$2')")),
'color' => array('bbcode_id' => 6, 'regexp' => array('!\[color=(#[0-9A-Fa-f]{6}|[a-z\-]+)\](.*?)\[/color\]!ise' => "\$this->bbcode_color('\$1', '\$2')")),
'u' => array('bbcode_id' => 7, 'regexp' => array('#\[u\](.*?)\[/u\]#ise' => "\$this->bbcode_underline('\$1')")),
'list' => array('bbcode_id' => 9, 'regexp' => array('#\[list(=[a-z|0-9|(?:disc|circle|square))]+)?\].*\[/list\]#ise' => "\$this->bbcode_parse_list('\$0')")),
'email' => array('bbcode_id' => 10, 'regexp' => array('#\[email=?(.*?)?\](.*?)\[/email\]#ise' => "\$this->validate_email('\$1', '\$2')")),
@ -147,7 +168,7 @@ class bbcode_firstpass extends bbcode
$in = str_replace("\r\n", "\n", str_replace('\"', '"', $in));
// Trimming here to make sure no empty bbcodes are parsed accidently
if (!trim($in))
if (trim($in) == '')
{
return false;
}
@ -389,12 +410,11 @@ class bbcode_firstpass extends bbcode
switch (strtolower($stx))
{
case 'php':
$code = trim($code);
$remove_tags = false;
$code = str_replace(array('&lt;', '&gt;'), array('<', '>'), $code);
if (!preg_match('/^\<\?.*?\?\>/is', $code))
if (!preg_match('/\<\?.*?\?\>/is', $code))
{
$remove_tags = true;
$code = "<?php $code ?>";
@ -417,7 +437,7 @@ class bbcode_firstpass extends bbcode
{
$str_from[] = '<span class="syntaxdefault">&lt;?php </span>';
$str_to[] = '';
$str_from[] = '<span class="syntaxdefault">&lt;?php ';
$str_from[] = '<span class="syntaxdefault">&lt;?php&nbsp;';
$str_to[] = '<span class="syntaxdefault">';
}
@ -432,6 +452,12 @@ class bbcode_firstpass extends bbcode
$code = preg_replace('#^<span class="[a-z]+"><span class="([a-z]+)">(.*)</span></span>#s', '<span class="$1">$2</span>', $code);
$code = preg_replace('#(?:[\n\r\s\t]|&nbsp;)*</span>$#', '</span>', $code);
// remove newline at the end
if (!empty($code) && $code{strlen($code)-1} == "\n")
{
$code = substr($code, 0, -1);
}
$out .= "[code=$stx:" . $this->bbcode_uid . ']' . $code . '[/code:' . $this->bbcode_uid . ']';
break;
@ -565,12 +591,6 @@ class bbcode_firstpass extends bbcode
$tok = ']';
$out = '[';
// Add newline at the end and in front of each quote block to prevent parsing errors (urls, smilies, etc.)
$in = preg_replace(array('#\[quote(=&quot;.*?&quot;)?\]([^\n])#is', '#([^\n])\[\/quote\]#is'), array("[quote\\1]\n\\2", "\\1\n[/quote]"), $in);
$in = preg_replace(array('#\[quote(=&quot;.*?&quot;)?\]([^\n])#is', '#([^\n])\[\/quote\]#is'), array("[quote\\1]\n\\2", "\\1\n[/quote]"), $in);
$in = str_replace("\r\n", "\n", str_replace('\"', '"', trim($in)));
$in = substr($in, 1);
$close_tags = $error_ary = array();
$buffer = '';
@ -677,7 +697,8 @@ class bbcode_firstpass extends bbcode
else
{
$out .= $buffer . $tok;
$tok = ($tok == '[') ? ']' : '[]';
// $tok = ($tok == '[') ? ']' : '[]';
$tok = '[]';
$buffer = '';
}
}
@ -709,7 +730,7 @@ class bbcode_firstpass extends bbcode
$validated = true;
if (!preg_match('!([a-z0-9]+[a-z0-9\-\._]*@(?:(?:[0-9]{1,3}\.){3,5}[0-9]{1,3}|[a-z0-9]+[a-z0-9\-\._]*\.[a-z]+))!i', $email))
if (!preg_match('/^' . get_preg_expression('email') . '$/i', $email))
{
$validated = false;
}
@ -792,8 +813,10 @@ class bbcode_firstpass extends bbcode
{
global $config, $phpEx, $user;
$check_path = ($user->page['root_script_path'] != '/') ? substr($user->page['root_script_path'], 0, -1) : '/';
// Is the user trying to link to a php file in this domain and script path?
if (strpos($url, ".{$phpEx}") !== false && strpos($url, substr($user->page['root_script_path'], 0, -1)) !== false)
if (strpos($url, ".{$phpEx}") !== false && strpos($url, $check_path) !== false)
{
$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
@ -805,7 +828,7 @@ class bbcode_firstpass extends bbcode
// Check again in correct order...
$pos_ext = strpos($url, ".{$phpEx}");
$pos_path = strpos($url, substr($user->page['root_script_path'], 0, -1));
$pos_path = strpos($url, $check_path);
$pos_domain = strpos($url, $server_name);
if ($pos_domain !== false && $pos_path >= $pos_domain && $pos_ext >= $pos_path)
@ -897,15 +920,7 @@ class parse_message extends bbcode_firstpass
}
}
// Parse smilies
if ($allow_smilies)
{
$this->smilies($config['max_' . $mode . '_smilies']);
}
$num_urls = 0;
// Parse BBCode
// Prepare BBcode (just prepares some tags for better parsing)
if ($allow_bbcode && strpos($this->message, '[') !== false)
{
$this->bbcode_init();
@ -917,8 +932,22 @@ class parse_message extends bbcode_firstpass
$this->bbcodes[$bool]['disabled'] = true;
}
}
$this->parse_bbcode();
$this->prepare_bbcodes();
}
// Parse smilies
if ($allow_smilies)
{
$this->smilies($config['max_' . $mode . '_smilies']);
}
$num_urls = 0;
// Parse BBCode
if ($allow_bbcode && strpos($this->message, '[') !== false)
{
$this->parse_bbcode();
$num_urls += $this->parsed_items['url'];
}
@ -1129,7 +1158,7 @@ class parse_message extends bbcode_firstpass
{
$new_entry = array(
'physical_filename' => $filedata['physical_filename'],
'comment' => $this->filename_data['filecomment'],
'attach_comment' => $this->filename_data['filecomment'],
'real_filename' => $filedata['real_filename'],
'extension' => $filedata['extension'],
'mimetype' => $filedata['mimetype'],
@ -1199,7 +1228,7 @@ class parse_message extends bbcode_firstpass
$edit_comment = request_var('edit_comment', array(0 => ''));
$edit_comment = key($edit_comment);
$this->attachment_data[$edit_comment]['comment'] = $actual_comment_list[$edit_comment];
$this->attachment_data[$edit_comment]['attach_comment'] = $actual_comment_list[$edit_comment];
}
if (($add_file || $preview) && $upload_file)
@ -1213,7 +1242,7 @@ class parse_message extends bbcode_firstpass
{
$new_entry = array(
'physical_filename' => $filedata['physical_filename'],
'comment' => $this->filename_data['filecomment'],
'attach_comment' => $this->filename_data['filecomment'],
'real_filename' => $filedata['real_filename'],
'extension' => $filedata['extension'],
'mimetype' => $filedata['mimetype'],
@ -1279,7 +1308,7 @@ class parse_message extends bbcode_firstpass
// Get the data from the attachments
$sql = 'SELECT attach_id, physical_filename, real_filename, extension, mimetype, filesize, filetime, thumbnail
FROM ' . ATTACHMENTS_TABLE . '
WHERE attach_id IN (' . implode(', ', array_keys($attach_ids)) . ')
WHERE ' . $db->sql_in_set('attach_id', array_keys($attach_ids)) . '
AND poster_id = ' . $check_user_id;
$result = $db->sql_query($sql);
@ -1289,7 +1318,7 @@ class parse_message extends bbcode_firstpass
{
$pos = $attach_ids[$row['attach_id']];
$this->attachment_data[$pos] = $row;
set_var($this->attachment_data[$pos]['comment'], $_POST['attachment_data'][$pos]['comment'], 'string', true);
set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true);
unset($attach_ids[$row['attach_id']]);
}
@ -1308,8 +1337,8 @@ class parse_message extends bbcode_firstpass
include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
$sql = 'SELECT attach_id
FROM ' . ATTACHMENTS_TABLE . "
WHERE LOWER(physical_filename) IN ('" . implode("', '", array_map('strtolower', $filenames)) . "')";
FROM ' . ATTACHMENTS_TABLE . '
WHERE ' . $db->sql_in_set('LOWER(physical_filename)', array_map('strtolower', $filenames));
$result = $db->sql_query_limit($sql, 1);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
@ -1329,7 +1358,7 @@ class parse_message extends bbcode_firstpass
'thumbnail' => (file_exists($phpbb_root_path . $config['upload_path'] . '/thumb_' . $physical_filename)) ? 1 : 0,
);
set_var($this->attachment_data[$pos]['comment'], $_POST['attachment_data'][$pos]['comment'], 'string', true);
set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true);
set_var($this->attachment_data[$pos]['real_filename'], $_POST['attachment_data'][$pos]['real_filename'], 'string', true);
set_var($this->attachment_data[$pos]['filetime'], $_POST['attachment_data'][$pos]['filetime'], 'int');
@ -1357,21 +1386,21 @@ class parse_message extends bbcode_firstpass
// Parse Poll Option text ;)
$tmp_message = $this->message;
$this->message = $poll['poll_option_text'];
$bbcode_bitfield = $this->bbcode_bitfield;
$poll['poll_option_text'] = $this->parse($poll['enable_bbcode'], $poll['enable_urls'], $poll['enable_smilies'], $poll['img_status'], false, false, false);
$this->bbcode_bitfield |= $bbcode_bitfield;
$this->message = $tmp_message;
// Parse Poll Title
$tmp_message = $this->message;
$this->message = $poll['poll_title'];
$bbcode_bitfield = $this->bbcode_bitfield;
$poll['poll_title'] = $this->parse($poll['enable_bbcode'], $poll['enable_urls'], $poll['enable_smilies'], $poll['img_status'], false, false, false);
$this->bbcode_bitfield |= $bbcode_bitfield;
$this->message = $tmp_message;
unset($tmp_message);
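Review bot: In the new `prepare_bbcodes()`, `$in = str_replace("\r\n", "\n", $this->message);` assigns to a local that is never read, so the line-ending normalisation has no effect and both `preg_replace` calls run on the unnormalised `$this->message`. With CRLF input the `[^\n]` after the opening `[quote]` tag matches the `\r`, so an extra newline is inserted even though the tag is already followed by a line break. Either write the result back, `$this->message = str_replace("\r\n", "\n", $this->message);`, or delete the line if normalisation is guaranteed elsewhere in parse(), which is not visible in these hunks.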


@ -27,8 +27,11 @@ include_once($phpbb_root_path . 'includes/search/search.' . $phpEx);
*/
class fulltext_mysql extends search_backend
{
var $stats;
var $word_length;
var $stats = array();
var $word_length = array();
var $split_words = array();
var $search_query;
var $common_words = array();
function fulltext_mysql(&$error)
{
@ -98,6 +101,7 @@ class fulltext_mysql extends search_backend
/**
* Splits keywords entered by a user into an array of words stored in $this->split_words
* Stores the tidied search query in $this->search_query
*
* @param string $keywords Contains the keyword as entered by the user
* @param string $terms is either 'all' or 'any'
@ -157,6 +161,8 @@ class fulltext_mysql extends search_backend
}
}
$this->search_query = implode(' ', $this->split_words);
if (sizeof($this->split_words))
{
$this->split_words = array_values($this->split_words);
@ -306,19 +312,19 @@ class fulltext_mysql extends search_backend
}
else
{
$m_approve_fid_sql = ' AND (p.post_approved = 1 OR p.forum_id NOT IN (' . implode(', ', $m_approve_fid_ary) . '))';
$m_approve_fid_sql = ' AND (p.post_approved = 1 OR ' . $db->sql_in_set('p.forum_id', $m_approve_fid_ary, true) . ')';
}
$sql_select = (!$result_count) ? 'SQL_CALC_FOUND_ROWS ' : '';
$sql_select = ($type == 'posts') ? $sql_select . 'p.post_id' : 'DISTINCT ' . $sql_select . 't.topic_id';
$sql_from = ($join_topic) ? TOPICS_TABLE . ' t, ' : '';
$field = ($type == 'posts') ? 'post_id' : 'topic_id';
$sql_author = (sizeof($author_ary) == 1) ? ' = ' . $author_ary[0] : 'IN (' . implode(',', $author_ary) . ')';
$sql_author = (sizeof($author_ary) == 1) ? ' = ' . $author_ary[0] : 'IN (' . implode(', ', $author_ary) . ')';
$sql_where_options = $sql_sort_join;
$sql_where_options .= ($topic_id) ? ' AND p.topic_id = ' . $topic_id : '';
$sql_where_options .= ($join_topic) ? ' AND t.topic_id = p.topic_id' : '';
$sql_where_options .= (sizeof($ex_fid_ary)) ? ' AND p.forum_id NOT IN (' . implode(',', $ex_fid_ary) . ')' : '';
$sql_where_options .= (sizeof($ex_fid_ary)) ? ' AND ' . $db->sql_in_set('p.forum_id', $ex_fid_ary, true) : '';
$sql_where_options .= $m_approve_fid_sql;
$sql_where_options .= (sizeof($author_ary)) ? ' AND p.poster_id ' . $sql_author : '';
$sql_where_options .= ($sort_days) ? ' AND p.post_time >= ' . (time() - ($sort_days * 86400)) : '';
@ -445,8 +451,8 @@ class fulltext_mysql extends search_backend
$id_ary = array();
// Create some display specific sql strings
$sql_author = 'p.poster_id ' . ((sizeof($author_ary) > 1) ? 'IN (' . implode(',', $author_ary) . ')' : '= ' . $author_ary[0]);
$sql_fora = (sizeof($ex_fid_ary)) ? ' AND p.forum_id NOT IN (' . implode(',', $ex_fid_ary) . ')' : '';
$sql_author = $db->sql_in_set('p.poster_id', $author_ary);
$sql_fora = (sizeof($ex_fid_ary)) ? ' AND ' . $db->sql_in_set('p.forum_id', $ex_fid_ary, true) : '';
$sql_topic_id = ($topic_id) ? ' AND p.topic_id = ' . (int) $topic_id : '';
$sql_time = ($sort_days) ? ' AND p.post_time >= ' . (time() - ($sort_days * 86400)) : '';
@ -481,7 +487,7 @@ class fulltext_mysql extends search_backend
}
else
{
$m_approve_fid_sql = ' AND (p.post_approved = 1 OR p.forum_id IN (' . implode($m_approve_fid_ary) . '))';
$m_approve_fid_sql = ' AND (p.post_approved = 1 OR ' . $db->sql_in_set('p.forum_id', $m_approve_fid_ary, true) . ')';
}
// If the cache was completely empty count the results
@ -555,7 +561,7 @@ class fulltext_mysql extends search_backend
*
* @param string $mode contains the post mode: edit, post, reply, quote ...
*/
function index($mode, $post_id, &$message, &$subject, $poster_id)
function index($mode, $post_id, &$message, &$subject, $encoding, $poster_id, $forum_id)
{
global $db;
@ -606,7 +612,7 @@ class fulltext_mysql extends search_backend
/**
* Destroy cached results, that might be outdated after deleting a post
*/
function index_remove($post_ids, $author_ids)
function index_remove($post_ids, $author_ids, $forum_ids)
{
$this->destroy_cache(array(), $author_ids);
}
@ -637,7 +643,7 @@ class fulltext_mysql extends search_backend
return $error;
}
if (!is_array($this->stats))
if (empty($this->stats))
{
$this->get_stats();
}
@ -670,7 +676,7 @@ class fulltext_mysql extends search_backend
return $error;
}
if (!is_array($this->stats))
if (empty($this->stats))
{
$this->get_stats();
}
@ -695,7 +701,7 @@ class fulltext_mysql extends search_backend
*/
function index_created()
{
if (!is_array($this->stats))
if (empty($this->stats))
{
$this->get_stats();
}
@ -710,7 +716,7 @@ class fulltext_mysql extends search_backend
{
global $user;
if (!is_array($this->stats))
if (empty($this->stats))
{
$this->get_stats();
}
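Review bot: In the hunk starting at old line 306 the author filter is still assembled by hand, `$sql_author = (sizeof($author_ary) == 1) ? ' = ' . $author_ary[0] : 'IN (' . implode(', ', $author_ary) . ')';`, while the other lists in this file section, including the same filter in the hunk at old line 445, now go through `$db->sql_in_set()`. The elements of `$author_ary` are concatenated into the query without a cast here, and whether the caller guarantees integers is not visible. Building it as `$sql_author = $db->sql_in_set('p.poster_id', $author_ary);` and appending `' AND ' . $sql_author` in the where-options line would match the other hunks and keep value handling in one place. The method continues outside the hunk.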

File diff suppressed because it is too large Load diff


@ -33,8 +33,6 @@ class search_backend
var $ignore_words = array();
var $match_synonym = array();
var $replace_synonym = array();
var $split_words = array();
var $common_words = array();
function search_backend(&$error)
{
@ -196,7 +194,7 @@ class search_backend
}
$db->sql_freeresult($result);
}
//set_config('last_search_time', time());
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_last_search = ' . time() . '
WHERE user_id = ' . $user->data['user_id'];


@ -51,7 +51,7 @@ class session
// Now, remove the sid and let us get a clean query string...
foreach ($args as $key => $argument)
{
if (strpos($argument, 'sid=') === 0)
if (strpos($argument, 'sid=') === 0 || strpos($argument, '_f_=') === 0)
{
unset($args[$key]);
break;
@ -67,8 +67,8 @@ class session
$page_name = htmlspecialchars(basename($script_name));
// current directory within the phpBB root (for example: adm)
$root_dirs = explode('/', str_replace('\\', '/', realpath($root_path)));
$page_dirs = explode('/', str_replace('\\', '/', realpath('./')));
$root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($root_path)));
$page_dirs = explode('/', str_replace('\\', '/', phpbb_realpath('./')));
$intersection = array_intersect_assoc($root_dirs, $page_dirs);
$root_dirs = array_diff_assoc($root_dirs, $intersection);
@ -106,8 +106,8 @@ class session
'page_dir' => $page_dir,
'query_string' => $query_string,
'script_path' => htmlspecialchars($script_path),
'root_script_path' => htmlspecialchars($root_script_path),
'script_path' => str_replace(' ', '%20', htmlspecialchars($script_path)),
'root_script_path' => str_replace(' ', '%20', htmlspecialchars($root_script_path)),
'page' => $page
);
@ -143,7 +143,8 @@ class session
$this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) $_SERVER['HTTP_HOST'] : 'localhost';
$this->page = $this->extract_current_page($phpbb_root_path);
$this->page['page'] .= (isset($_POST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . 'f=' . intval($_POST['f']) : '';
// Add forum to the page for tracking online users - also adding a "x" to the end to properly identify the number
$this->page['page'] .= (isset($_REQUEST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . '_f_=' . (int) $_REQUEST['f'] . 'x' : '';
if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u']))
{
@ -156,6 +157,13 @@ class session
$SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
$_SID = (defined('NEED_SID')) ? $this->session_id : '';
if (empty($this->session_id))
{
$this->session_id = $_SID = request_var('sid', '');
$SID = '?sid=' . $this->session_id;
$this->cookie_data = array('u' => 0, 'k' => '');
}
}
else
{
@ -171,17 +179,10 @@ class session
// Load limit check (if applicable)
if ($config['limit_load'])
{
if (@file_exists('/proc/loadavg') && @is_readable('/proc/loadavg'))
if ($load = @file_get_contents('/proc/loadavg'))
{
if ($load = @file_get_contents('/proc/loadavg'))
{
$this->load = array_slice(explode(' ', $load), 0, 1);
$this->load = floatval($this->load[0]);
}
else
{
set_config('limit_load', '0');
}
$this->load = array_slice(explode(' ', $load), 0, 1);
$this->load = floatval($this->load[0]);
}
else
{
@ -219,18 +220,14 @@ class session
// Check whether the session is still valid if we have one
$method = basename(trim($config['auth_method']));
include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
if (file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
$method = 'validate_session_' . $method;
if (function_exists($method))
{
include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
$method = 'validate_session_' . $method;
if (function_exists($method))
if (!$method($this->data))
{
if (!$method($this->data))
{
$session_expired = true;
}
$session_expired = true;
}
}
@ -356,21 +353,17 @@ class session
}
$method = basename(trim($config['auth_method']));
include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
if (file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
$method = 'autologin_' . $method;
if (function_exists($method))
{
include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
$this->data = $method();
$method = 'autologin_' . $method;
if (function_exists($method))
if (sizeof($this->data))
{
$this->data = $method();
if (sizeof($this->data))
{
$this->cookie_data['k'] = '';
$this->cookie_data['u'] = $this->data['user_id'];
}
$this->cookie_data['k'] = '';
$this->cookie_data['u'] = $this->data['user_id'];
}
}
@ -420,7 +413,7 @@ class session
$db->sql_freeresult($result);
}
if ($this->data['user_id'] != ANONYMOUS)
if ($this->data['user_id'] != ANONYMOUS && !$bot)
{
$this->data['session_last_visit'] = (isset($this->data['session_time']) && $this->data['session_time']) ? $this->data['session_time'] : (($this->data['user_lastvisit']) ? $this->data['user_lastvisit'] : time());
}
@ -437,7 +430,7 @@ class session
// @todo Change to !$this->data['user_type'] & USER_FOUNDER && !$this->data['user_type'] & USER_BOT in time
if ($this->data['user_type'] != USER_FOUNDER)
{
$this->check_ban();
$this->check_ban($this->data['user_id'], $this->ip);
}
//
@ -470,8 +463,10 @@ class session
$db->sql_return_on_error(true);
$sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
WHERE session_id = '" . $db->sql_escape($this->session_id) . "'";
$sql = 'DELETE
FROM ' . SESSIONS_TABLE . '
WHERE session_id = \'' . $db->sql_escape($this->session_id) . '\'
AND session_user_id = ' . ANONYMOUS;
if (!$this->session_id || !$db->sql_query($sql) || !$db->sql_affectedrows())
{
@ -490,15 +485,16 @@ class session
trigger_error('BOARD_UNAVAILABLE');
}
}
$this->session_id = $this->data['session_id'] = md5(unique_id());
$sql_ary['session_id'] = (string) $this->session_id;
$sql_ary['session_page'] = (string) substr($this->page['page'], 0, 199);
$sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
$db->sql_query($sql);
}
$this->session_id = $this->data['session_id'] = md5(unique_id());
$sql_ary['session_id'] = (string) $this->session_id;
$sql_ary['session_page'] = (string) substr($this->page['page'], 0, 199);
$sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
$db->sql_query($sql);
$db->sql_return_on_error(false);
// Regenerate autologin/persistent login key
@ -507,8 +503,8 @@ class session
$this->set_login_key();
}
$SID = '?sid=';
$_SID = '';
$SID = '?sid=' . $this->session_id;
$_SID = $this->session_id;
if (!$bot)
{
@ -518,9 +514,6 @@ class session
$this->set_cookie('k', $this->cookie_data['k'], $cookie_expire);
$this->set_cookie('sid', $this->session_id, $cookie_expire);
$SID = '?sid=' . $this->session_id;
$_SID = $this->session_id;
unset($cookie_expire);
}
@ -546,16 +539,12 @@ class session
// Allow connecting logout with external auth method logout
$method = basename(trim($config['auth_method']));
include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
if (file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
$method = 'logout_' . $method;
if (function_exists($method))
{
include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
$method = 'logout_' . $method;
if (function_exists($method))
{
$method($this->data);
}
$method($this->data);
}
if ($this->data['user_id'] != ANONYMOUS)
@ -657,7 +646,7 @@ class session
WHERE session_time < ' . (int) ($this->time_now - $config['session_length']);
$db->sql_query($sql);
set_config('session_last_gc', $this->time_now);
set_config('session_last_gc', $this->time_now, true);
break;
default:
@ -669,33 +658,30 @@ class session
GROUP BY session_user_id, session_page';
$result = $db->sql_query_limit($sql, 5);
$del_user_id = '';
$del_user_id = array();
$del_sessions = 0;
if ($row = $db->sql_fetchrow($result))
{
do
{
if ($row['session_user_id'] != ANONYMOUS)
{
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_lastvisit = ' . $row['recent_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "'
WHERE user_id = " . $row['session_user_id'];
$db->sql_query($sql);
}
$del_user_id .= (($del_user_id != '') ? ', ' : '') . (int) $row['session_user_id'];
$del_sessions++;
while ($row = $db->sql_fetchrow($result));
{
if ($row['session_user_id'] != ANONYMOUS)
{
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_lastvisit = ' . (int) $row['recent_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "'
WHERE user_id = " . (int) $row['session_user_id'];
$db->sql_query($sql);
}
while ($row = $db->sql_fetchrow($result));
$del_user_id[] = (int) $row['session_user_id'];
$del_sessions++;
}
$db->sql_freeresult($result);
if ($del_user_id)
if (sizeof($del_user_id))
{
// Delete expired sessions
$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
WHERE session_user_id IN ($del_user_id)
AND session_time < " . ($this->time_now - $config['session_length']);
$sql = 'DELETE FROM ' . SESSIONS_TABLE . '
WHERE ' . $db->sql_in_set('session_user_id', $del_user_id) . '
AND session_time < ' . ($this->time_now - $config['session_length']);
$db->sql_query($sql);
}
@ -755,16 +741,44 @@ class session
{
global $config, $db;
$user_id = ($user_id === false) ? $this->data['user_id'] : $user_id;
$user_ip = ($user_ip === false) ? $this->ip : $user_ip;
$user_email = ($user_email === false) ? $this->data['user_email'] : $user_email;
$banned = false;
$sql = 'SELECT ban_ip, ban_userid, ban_email, ban_exclude, ban_give_reason, ban_end
FROM ' . BANLIST_TABLE . '
WHERE ban_end >= ' . time() . '
OR ban_end = 0';
WHERE (ban_end >= ' . time() . ' OR ban_end = 0)';
// Determine which entries to check, only return those
if ($user_email === false)
{
$sql .= " AND ban_email = ''";
}
if ($user_ip === false)
{
$sql .= " AND (ban_ip = '' OR (ban_ip <> '' AND ban_exclude = 1))";
}
if ($user_id === false)
{
$sql .= ' AND (ban_userid = 0 OR (ban_userid <> 0 AND ban_exclude = 1))';
}
else
{
$sql .= ' AND (ban_userid = ' . $user_id;
if ($user_email !== false)
{
$sql .= " OR ban_email <> ''";
}
if ($user_ip !== false)
{
$sql .= " OR ban_ip <> ''";
}
$sql .= ')';
}
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -1066,8 +1080,33 @@ class user extends session
{
$this->theme['theme_storedb'] = 1;
$stylesheet = file_get_contents("{$phpbb_root_path}styles/{$this->theme['theme_path']}/theme/stylesheet.css");
// Match CSS imports
$matches = array();
preg_match_all('/@import url\(["\'](.*)["\']\);/i', $stylesheet, $matches);
if (sizeof($matches))
{
$content = '';
foreach ($matches[0] as $idx => $match)
{
if ($content = @file_get_contents("{$phpbb_root_path}styles/{$this->theme['theme_path']}/theme/" . $matches[1][$idx]))
{
$content = trim($content);
}
else
{
$content = '';
}
$stylesheet = str_replace($match, $content, $stylesheet);
}
unset ($content);
}
$stylesheet = str_replace('./', 'styles/' . $this->theme['theme_path'] . '/theme/', $stylesheet);
$sql_ary = array(
'theme_data' => implode('', file("{$phpbb_root_path}styles/" . $this->theme['theme_path'] . '/theme/stylesheet.css')),
'theme_data' => $stylesheet,
'theme_mtime' => time(),
'theme_storedb' => 1
);
@ -1102,9 +1141,9 @@ class user extends session
// Does the user need to change their password? If so, redirect to the
// ucp profile reg_details page ... of course do not redirect if we're already in the ucp
if (!defined('IN_ADMIN') && $config['chg_passforce'] && $this->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400))
if (!defined('IN_ADMIN') && $config['chg_passforce'] && $this->data['is_registered'] && $this->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400))
{
if (strpos($this->page['query_string'], 'mode=reg_details') !== false && $this->page['page_name'] == "ucp.$phpEx")
if (strpos($this->page['query_string'], 'mode=reg_details') === false && $this->page['page_name'] != "ucp.$phpEx")
{
redirect(append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=profile&amp;mode=reg_details'));
}
@ -1205,17 +1244,18 @@ class user extends session
*/
function format_date($gmepoch, $format = false, $forcedate = false)
{
static $lang_dates, $midnight;
static $midnight;
if (empty($lang_dates))
$lang_dates = $this->lang['datetime'];
$format = (!$format) ? $this->date_format : $format;
// Short representation of month in format
if ((strpos($format, '\M') === false && strpos($format, 'M') !== false) || (strpos($format, '\r') === false && strpos($format, 'r') !== false))
{
foreach ($this->lang['datetime'] as $match => $replace)
{
$lang_dates[$match] = $replace;
}
$lang_dates['May'] = $lang_dates['May_short'];
}
$format = (!$format) ? $this->date_format : $format;
unset($lang_dates['May_short']);
if (!$midnight)
{
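Review bot: In the hunk at `@ -1066,8 +1080,33` the name captured from `@import url(...)` is appended to the theme directory and handed to `file_get_contents()` without being confined to that directory, so a stylesheet that arrives with a third-party style can reference a file outside `theme/` through `../` and have its contents written into `theme_data`. If imports are only ever siblings of `stylesheet.css`, reading `basename($matches[1][$idx])` instead of the raw capture would keep the read inside the theme directory. The capture `(.*)` is also greedy, and `([^"\']+)` would limit each match to a single quoted name. The enclosing method begins and ends outside the hunk.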
