From eeb4907112d4d6e3064e2ccac80d77f9b02d2375 Mon Sep 17 00:00:00 2001 From: "Paul S. Owen" Date: Sun, 12 Oct 2003 11:59:23 +0000 Subject: [PATCH] Let's break lots of things git-svn-id: file:///svn/phpbb/trunk@4578 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/common.php | 22 +- phpBB/includes/bbcode.php | 4 +- phpBB/includes/functions.php | 49 +++- phpBB/includes/functions_admin.php | 12 +- phpBB/includes/functions_messenger.php | 29 +++ phpBB/includes/functions_posting.php | 4 + phpBB/includes/message_parser.php | 6 - phpBB/includes/session.php | 16 +- phpBB/includes/ucp/ucp_activate.php | 4 +- phpBB/includes/ucp/ucp_prefs.php | 84 ++++--- phpBB/includes/ucp/ucp_register.php | 2 +- phpBB/includes/ucp/ucp_remind.php | 11 +- phpBB/includes/ucp/ucp_zebra.php | 2 +- phpBB/install/schemas/mysql_schema.sql | 23 +- phpBB/language/en/lang_main.php | 2 +- phpBB/memberlist.php | 229 ++++++++---------- phpBB/posting.php | 134 +++++----- .../styles/subSilver/template/ucp_header.html | 2 +- .../subSilver/template/viewtopic_body.html | 6 +- phpBB/viewforum.php | 2 +- phpBB/viewtopic.php | 44 ++-- 21 files changed, 353 insertions(+), 334 deletions(-) diff --git a/phpBB/common.php b/phpBB/common.php index 2f4af82291..919058ff2d 100644 --- a/phpBB/common.php +++ b/phpBB/common.php @@ -33,13 +33,13 @@ if (@ini_get('register_globals')) } // If magic quotes is off, addslashes -if (!get_magic_quotes_gpc()) +/*if (!get_magic_quotes_gpc()) { $_GET = slash_input_data($_GET); $_POST = slash_input_data($_POST); $_REQUEST = slash_input_data($_REQUEST); $_COOKIE = slash_input_data($_COOKIE); -} +}*/ require($phpbb_root_path . 'config.'.$phpEx); @@ -110,6 +110,11 @@ define('POST_GLOBAL', 3); define('TRACK_NORMAL', 0); // not used at the moment define('TRACK_POSTED', 1); +// Notify methods +define('NOTIFY_EMAIL', 0); +define('NOTIFY_IM', 1); +define('NOTIFY_BOTH', 2); + // Log types define('LOG_ADMIN', 0); define('LOG_MOD', 1); 
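Review bot: Commenting out the `slash_input_data()` block in common.php leaves `$_GET`, `$_POST`, `$_REQUEST` and `$_COOKIE` unescaped whenever magic_quotes_gpc is off, so every remaining direct read of a superglobal that ends up in a query now depends on its own escaping. This patch still contains such reads: `trim($_POST['username'])` in ucp_remind.php, `$auth->login($_POST['username'], $_POST['password'], ...)` in login_box() and `$_POST['message']` in the memberlist.php jabber branch; whether any of them reaches SQL unescaped is not visible here. I would delete the dead block rather than wrap it in `/* */`, and replace it with a comment such as `// Input is no longer slashed globally: read it via request_var() and pass it through $db->sql_escape() before it goes into SQL`.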
@@ -191,6 +196,8 @@ define('POLL_OPTIONS_TABLE', $table_prefix.'poll_results'); define('POLL_VOTES_TABLE', $table_prefix.'poll_voters'); define('ZEBRA_TABLE', $table_prefix.'zebra'); +define('STRIP', get_magic_quotes_gpc() ? true : false); + // Set PHP error handler to ours set_error_handler('msg_handler'); @@ -247,17 +254,6 @@ if (time() - $config['cache_interval'] >= $config['cache_last_gc']) } */ -// Handle email/cron queue. -if (time() - $config['queue_interval'] >= $config['last_queue_run'] && !defined('IN_ADMIN')) -{ - if (file_exists($phpbb_root_path . 'cache/queue.' . $phpEx)) - { - include($phpbb_root_path . 'includes/emailer.'.$phpEx); - $queue = new queue(); - $queue->process(); - } -} - // Warn about install/ directory if (file_exists('install')) { diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php index 3e4a294529..a18a2c4942 100644 --- a/phpBB/includes/bbcode.php +++ b/phpBB/includes/bbcode.php @@ -184,7 +184,7 @@ class bbcode )); break; case 4: - if ($user->data['user_viewimg']) + if ($user->optionget('viewimg')) { $this->bbcode_cache[$bbcode_id] = array('preg' => array( '#\[img:$uid\](.*?)\[/img:$uid\]#s' => $this->bbcode_tpl('img', $bbcode_id) @@ -240,7 +240,7 @@ class bbcode )); break; case 11: - if ($user->data['user_viewflash']) + if ($user->optionget('viewflash')) { $this->bbcode_cache[$bbcode_id] = array('preg' => array( '#\[flash=([0-9]+),([0-9]+):$uid\](.*?)\[/flash:$uid\]#' => $this->bbcode_tpl('flash', $bbcode_id) diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 9a39a38b63..e36eadf2db 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php 
@@ -32,7 +32,11 @@ function request_var($var_name, $default) if ($type == 'string') { - $var[$k] = htmlspecialchars(trim(stripslashes(preg_replace(array("#[ \xFF]{2,}#s", "#[\r\n]{2,}#s"), array(' ', "\n"), $var[$k])))); + $var[$k] = htmlspecialchars(trim(preg_replace(array("#[ \xFF]{2,}#s", "#[\r\n]{2,}#s"), array(' ', "\n"), $var[$k]))); + if (STRIP) + { + $var[$k] = stripslashes($var[$k]); + } } } } @@ -44,7 +48,11 @@ function request_var($var_name, $default) // not generally applicable elsewhere if ($type == 'string') { - $var = htmlspecialchars(trim(stripslashes(preg_replace(array("#[ \xFF]{2,}#s", "#[\r\n]{2,}#s"), array(' ', "\n"), $var)))); + $var = htmlspecialchars(trim(preg_replace(array("#[ \xFF]{2,}#s", "#[\r\n]{2,}#s"), array(' ', "\n"), $var))); + if (STRIP) + { + $var = stripslashes($var); + } } } @@ -205,7 +213,7 @@ function discover_auth($user_id_ary, $opts = false, $forum_id = false) $user_id_ary = array($user_id_ary); } - $sql_forum = ($forum_id) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : implode(', ', $forum_id)) : ''; + $sql_forum = ($forum_id) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : ''; $sql_opts = ($opts) ? ((!is_array($opts)) ? "AND ao.auth_option = '$opts'" : 'AND ao.auth_option IN (' . implode(', ', preg_replace('#^[\s]*?(.*?)[\s]*?$#e', "\"'\" . $db->sql_escape('\\1') . \"'\"", $opts)) . ')') : ''; $hold_ary = array(); 
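Review bot: After this hunk and the matching scalar branch at `@@ -44,7 +48,11 @@`, request_var() returns strings that are HTML-escaped but carry no slashes, and nothing in the function tells callers that the value is unsafe to interpolate into SQL. `htmlspecialchars()` is also called without flags, so on PHP versions whose default is ENT_COMPAT single quotes pass through unchanged. I would document the contract above the function, for example `// Returns HTML-escaped, unslashed input; single quotes are NOT encoded. Always use $db->sql_escape() before placing the result in a query`, and consider passing `ENT_QUOTES` explicitly. The function body starts and ends outside both hunks.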
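Review bot: The corrected `$sql_forum` line in discover_auth() still concatenates `$forum_id` into the query without forcing it to an integer, in both the scalar and the array branch. If any caller passes a value that originated in request data (not visible from this hunk), it reaches the SQL unchanged. Casting at the point of use closes that regardless of the caller: `"AND a.forum_id = " . (int) $forum_id` for the scalar case and `'AND a.forum_id IN (' . implode(', ', array_map('intval', $forum_id)) . ')'` for the array case. The function continues outside the hunk.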
@@ -241,7 +249,7 @@ function discover_auth($user_id_ary, $opts = false, $forum_id = false) while ($row = $db->sql_fetchrow($result)) { - if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) && $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] !== ACL_NO)) + if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) && $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] != ACL_NO)) { $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $row['min_setting']; } @@ -256,7 +264,7 @@ function gen_forum_rules($mode, &$forum_id) { global $SID, $template, $auth, $user; - $rules = array('post', 'reply', 'lock', 'edit', 'delete', 'attach', 'download'); + $rules = array('post', 'reply', 'edit', 'delete', 'attach'); foreach ($rules as $rule) { @@ -448,7 +456,7 @@ function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $mat $u_url = ($mode == 'forum') ? 'f' : 't'; // Is user watching this thread? - if ($user_id) + if ($user_id != ANONYMOUS) { $can_watch = TRUE; @@ -818,7 +826,7 @@ function obtain_word_list(&$censors) { global $db, $cache, $user; - if (!$user->optionget('viewcensors') && !$user->data['coppa'] && $config['allow_nocensors']) + if (!$user->optionget('viewcensors') && $config['allow_nocensors']) { return; } @@ -1022,6 +1030,10 @@ function login_box($s_action, $s_hidden_fields = '', $login_explain = '') if (($result = $auth->login($_POST['username'], $_POST['password'], $autologin, $viewonline)) === true) { + // TODO + // Force change password ... plugin for EVENT_LOGIN in future + // but for now we'll do it here + return true; } 
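Review bot: In the obtain_word_list() hunk the new condition reads `$config['allow_nocensors']`, but the function's `global $db, $cache, $user;` line shown as context does not import `$config`. Inside the function `$config` is therefore an undefined local, the second operand is always falsy, and the early `return` can never be taken, so the board setting has no effect. The fix is `global $db, $cache, $user, $config;`. Dropping the `!$user->data['coppa']` test also means COPPA accounts are no longer forced to see censored text once the condition works; if that is intended, a one-line comment saying so would help.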
@@ -1369,18 +1381,18 @@ function page_header($page_title = '') } else { - $l_privmsgs_text = $user->lang['No_new_pm']; + $l_privmsgs_text = $user->lang['NO_NEW_PM']; $s_privmsg_new = 0; } if ($user->data['user_unread_privmsg']) { - $l_message_unread = ($user->data['user_unread_privmsg'] == 1) ? $user->lang['Unread_pm'] : $user->lang['Unread_pms']; + $l_message_unread = ($user->data['user_unread_privmsg'] == 1) ? $user->lang['UNREAD_PM'] : $user->lang['UNREAD_PMS']; $l_privmsgs_text_unread = sprintf($l_message_unread, $user->data['user_unread_privmsg']); } else { - $l_privmsgs_text_unread = $user->lang['No_unread_pm']; + $l_privmsgs_text_unread = $user->lang['NO_UNREAD_PM']; } } @@ -1423,7 +1435,7 @@ function page_header($page_title = '') 'U_SEARCH_UNANSWERED' => 'search.'.$phpEx.$SID.'&search_id=unanswered', 'S_USER_LOGGED_IN' => ($user->data['user_id'] != ANONYMOUS) ? true : false, - 'S_USER_PM_POPUP' => ($user->optionget('popuppm')) ? true : false, + 'S_USER_PM_POPUP' => $user->optionget('popuppm'), 'S_USER_BROWSER' => $user->data['session_browser'], 'S_CONTENT_DIRECTION' => $user->lang['DIRECTION'], 'S_CONTENT_ENCODING' => $user->lang['ENCODING'], @@ -1455,7 +1467,7 @@ function page_header($page_title = '') function page_footer() { - global $db, $config, $template, $SID, $user, $auth, $cache, $starttime, $phpEx; + global $db, $config, $template, $SID, $user, $auth, $cache, $messenger, $starttime, $phpbb_root_path, $phpEx; // Output page creation time if (defined('DEBUG')) @@ -1472,7 +1484,7 @@ function page_footer() if ($auth->acl_get('a_')) { - $debug_output .= ' | Explain'; + $debug_output .= ' | Explain'; } $debug_output .= ' ]'; } 
@@ -1485,6 +1497,17 @@ function page_footer() $template->display('body'); + // Handle email/cron queue. + if (time() - $config['queue_interval'] >= $config['last_queue_run'] && !defined('IN_ADMIN')) + { + if (file_exists($phpbb_root_path . 'cache/queue.' . $phpEx)) + { + include_once($phpbb_root_path . 'includes/functions_messenger.'.$phpEx); + $queue = new queue(); + $queue->process(); + } + } + // Unload cache, must be done before the DB connection if closed if (!empty($cache)) { diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index bffe9451a8..40991815a6 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php 
@@ -1707,18 +1707,18 @@ function add_log() switch ($mode) { case 'admin': - $sql = "INSERT INTO " . LOG_TABLE . " (log_type, user_id, log_ip, log_time, log_operation, log_data) - VALUES (" . LOG_ADMIN . ", " . $user->data['user_id'] . ", '$user->ip', " . time() . ", '$action', '$data')"; + $sql = 'INSERT INTO ' . LOG_TABLE . ' (log_type, user_id, log_ip, log_time, log_operation, log_data) + VALUES (' . LOG_ADMIN . ', ' . $user->data['user_id'] . ", '$user->ip', " . time() . ", '$action', '$data')"; break; case 'mod': - $sql = "INSERT INTO " . LOG_TABLE . " (log_type, user_id, forum_id, topic_id, log_ip, log_time, log_operation, log_data) - VALUES (" . LOG_MOD . ", " . $user->data['user_id'] . ", $forum_id, $topic_id, '$user->ip', " . time() . ", '$action', '$data')"; + $sql = 'INSERT INTO ' . LOG_TABLE . ' (log_type, user_id, forum_id, topic_id, log_ip, log_time, log_operation, log_data) + VALUES (' . LOG_MOD . ', ' . $user->data['user_id'] . ", $forum_id, $topic_id, '$user->ip', " . time() . ", '$action', '$data')"; break; case 'critical': - $sql = "INSERT INTO " . LOG_TABLE . " (log_type, user_id, log_ip, log_time, log_operation, log_data) - VALUES (" . LOG_CRITICAL . ", " . $user->data['user_id'] . ", '$user->ip', " . time() . ", '$action', '$data')"; + $sql = 'INSERT INTO ' . LOG_TABLE . ' (log_type, user_id, log_ip, log_time, log_operation, log_data) + VALUES (' . LOG_CRITICAL . ', ' . $user->data['user_id'] . ", '$user->ip', " . time() . ", '$action', '$data')"; break; default: diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php index f67bfb41b1..79fc1bdd14 100644 --- a/phpBB/includes/functions_messenger.php +++ b/phpBB/includes/functions_messenger.php 
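Review bot: The three rewritten INSERT statements in add_log() still interpolate `$action`, `$data`, `$forum_id`, `$topic_id` and `$user->ip` directly into the SQL text. How these variables are prepared is above the hunk and not visible, but since this commit also stops slashing input globally in common.php, any of them that can carry user-influenced text needs explicit escaping here. I would use `$db->sql_escape($action)` and `$db->sql_escape($data)` for the string columns and `(int) $forum_id`, `(int) $topic_id` for the ids, assuming `$db` is in scope in this function. The switch and the function both extend beyond the hunk.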
@@ -821,6 +821,35 @@ function server_parse($socket, $response) return 0; } +// Encodes the given string for proper display for this encoding ... nabbed +// from php.net and modified. There is an alternative encoding method which +// may produce less output but it's questionable as to its worth in this +// scenario IMO +function mail_encode($str) +{ + if ($this->encoding == '') + { + return $str; + } + + // define start delimimter, end delimiter and spacer + $end = "?="; + $start = "=?$this->encoding?B?"; + $spacer = "$end\r\n $start"; + + // determine length of encoded text within chunks and ensure length is even + $length = 75 - strlen($start) - strlen($end); + $length = floor($length / 2) * 2; + + // encode the string and split it into chunks with spacers after each chunk + $str = chunk_split(base64_encode($str), $length, $spacer); + + // remove trailing spacer and add start and end delimiters + $str = preg_replace('#' . preg_quote($spacer) . '$#', '', $str); + + return $start . $str . $end; +} + function md5_digest() { } diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index 9ec7859d27..f63b797373 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -29,6 +29,7 @@ function generate_smilies($mode, $forum_id) WHERE forum_id = $forum_id"; $result = $db->sql_query_limit($sql, 1); $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); $user->setup(FALSE, (int) $row['forum_style']); @@ -46,10 +47,13 @@ function generate_smilies($mode, $forum_id) FROM ' . SMILIES_TABLE . ' WHERE display_on_posting = 0'; $result = $db->sql_query_limit($sql, 1, 0, 3600); + $row = $db->sql_fetchrow($result); + if ($row = $db->sql_fetchrow($result)) { $display_link = TRUE; } + $db->sql_freeresult($result); } $sql = 'SELECT * diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 2ab41d4df5..bf1b0f0d53 100644 --- a/phpBB/includes/message_parser.php 
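Review bot: The new mail_encode() reads `$this->encoding`, yet it appears to be declared at file scope between server_parse() and md5_digest(), where `$this` does not exist, so it cannot work when called as a plain function. Passing the charset in removes the dependency: `function mail_encode($str, $encoding = '')`, with `$encoding` used in place of `$this->encoding`. Separately, when the encoding is empty `$str` is returned untouched, so a CR or LF in a caller-supplied header value would survive into the mail headers; stripping them in that branch with `return preg_replace('#[\r\n]+#', ' ', $str);` keeps the raw path safe.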
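Review bot: In the second generate_smilies() hunk the added `$row = $db->sql_fetchrow($result);` consumes the only row of a query limited to one row, so the following `if ($row = $db->sql_fetchrow($result))` always fetches nothing and `$display_link` is never set to TRUE. Either drop the added fetch or test the row already fetched with `if ($row)`. The added `$db->sql_freeresult($result);` calls are fine as they stand.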
+++ b/phpBB/includes/message_parser.php @@ -957,9 +957,6 @@ class fulltext_search return; } -// $mtime = explode(' ', microtime()); -// $starttime = $mtime[1] + $mtime[0]; - // Split old and new post/subject to obtain array of 'words' $stopped_words = array(); $split_text = $this->split_words('post', $message, $stopped_words); @@ -1089,9 +1086,6 @@ class fulltext_search unset($words); -// $mtime = explode(' ', microtime()); -// echo "Search parser time taken >> " . ($mtime[1] + $mtime[0] - $starttime); - // Run the cleanup infrequently, once per session cleanup if ($config['search_last_gc'] < time() - $config['search_gc']) { diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 8264472ce6..ca559076ff 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -33,14 +33,14 @@ class session if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_data'])) { - $sessiondata = (isset($_COOKIE[$config['cookie_name'] . '_data'])) ? unserialize(stripslashes($_COOKIE[$config['cookie_name'] . '_data'])) : ''; - $this->session_id = (isset($_COOKIE[$config['cookie_name'] . '_sid'])) ? $_COOKIE[$config['cookie_name'] . '_sid'] : ''; + $sessiondata = unserialize(request_var($config['cookie_name'] . '_data', '')); + $this->session_id = request_var($config['cookie_name'] . '_sid', ''); $SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid='; } else { $sessiondata = ''; - $this->session_id = (isset($_GET['sid'])) ? $_GET['sid'] : ''; + $this->session_id = request_var('sid', ''); $SID = '?sid=' . $this->session_id; } 
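Review bot: In the session.php hunk `unserialize(request_var($config['cookie_name'] . '_data', ''))` still hands a client-controlled value to `unserialize()`, and it now does so after request_var() has run `htmlspecialchars()` over it. Serialized strings contain double quotes, which become `&quot;`, so a legitimate cookie will usually fail to unserialize and `$sessiondata` ends up `false` rather than an array. If request_var() reads from `$_REQUEST` (its source is not visible here), the same names could also be supplied through GET or POST instead of the cookie. I would read the cookie directly, apply `stripslashes()` only when `STRIP` is set, and check the result with `is_array($sessiondata)` before use; longer term a simple delimited format avoids deserializing untrusted data at all.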
@@ -65,11 +65,11 @@ class session // Load limit check (if applicable) if (@file_exists('/proc/loadavg')) { - if ($config['limit_load'] && $load = @file('/proc/loadavg')) + if ($load = @file('/proc/loadavg')) { list($this->load) = explode(' ', $load[0]); - if ($this->load > doubleval($config['limit_load'])) + if ($config['limit_load'] && $this->load > doubleval($config['limit_load'])) { trigger_error('BOARD_UNAVAILABLE'); } @@ -138,7 +138,7 @@ class session $sessiondata = array(); $current_time = time(); - if (intval($config['active_sessions'])) + if ($config['active_sessions']) { // Limit sessions in 1 minute period $sql = 'SELECT COUNT(*) AS sessions @@ -302,7 +302,7 @@ class session if ($this->data['user_id'] != ANONYMOUS) { - // Trigger EVT_END_SESSION + // Trigger EVENT_END_SESSION } return true; @@ -721,7 +721,7 @@ class auth while ($row = $db->sql_fetchrow($result)) { - if (!isset($hold_ary[$row['forum_id']][$row['auth_option']]) || (isset($hold_ary[$row['forum_id']][$row['auth_option']]) && $hold_ary[$row['forum_id']][$row['auth_option']] !== ACL_NO)) + if (!isset($hold_ary[$row['forum_id']][$row['auth_option']]) || (isset($hold_ary[$row['forum_id']][$row['auth_option']]) && $hold_ary[$row['forum_id']][$row['auth_option']] != ACL_NO)) { $hold_ary[$row['forum_id']][$row['auth_option']] = $row['min_setting']; } diff --git a/phpBB/includes/ucp/ucp_activate.php b/phpBB/includes/ucp/ucp_activate.php index da43668294..dbd992fbf2 100644 --- a/phpBB/includes/ucp/ucp_activate.php +++ b/phpBB/includes/ucp/ucp_activate.php @@ -35,7 +35,7 @@ class ucp_activate extends module { $sql_update_pass = ($row['user_newpasswd'] != '') ? ", user_password = '" . $db->sql_escape($row['user_newpasswd']) . "', user_newpasswd = ''" : ''; - $sql = "UPDATE " . USERS_TABLE . " + $sql = 'UPDATE ' . USERS_TABLE . " SET user_active = 1, user_actkey = ''" . $sql_update_pass . " WHERE user_id = " . $row['user_id']; $result = $db->sql_query($sql); 
@@ -63,7 +63,7 @@ class ucp_activate extends module else { meta_refresh(3, "index.$phpEx$SID"); - $message = ($sql_update_pass == '') ? $user->lang['Account_active'] : $user->lang['Password_activated']; + $message = (!$sql_update_pass) ? $user->lang['ACCOUNT_ACTIVE'] : $user->lang['PASSWORD_ACTIVATED']; trigger_error($message); } diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php index d368188f01..11efb5a64d 100644 --- a/phpBB/includes/ucp/ucp_prefs.php +++ b/phpBB/includes/ucp/ucp_prefs.php @@ -35,8 +35,10 @@ class ucp_prefs extends module 'viewemail' => false, 'massemail' => true, 'hideonline' => false, + 'notifymethod' => 0, 'notifypm' => true, 'popuppm' => false, + 'allowpm' => true, ); foreach ($var_ary as $var => $default) @@ -54,14 +56,19 @@ class ucp_prefs extends module extract($data); unset($data); + // Set the popuppm option + $user->optionset('popuppm', $popuppm); + if (!sizeof($error)) { $sql_ary = array( + 'user_allow_pm' => $allowpm, 'user_allow_viewemail' => $viewemail, 'user_allow_massemail' => $massemail, 'user_allow_viewonline' => ($auth->acl_get('u_hideonline')) ? !$hideonline : $user->data['user_allow_viewonline'], + 'user_notify_type' => $notifymethod, 'user_notify_pm' => $notifypm, - 'user_popup_pm' => $popuppm, + 'user_options' => $user->data['user_options'], 'user_dst' => $dst, 'user_dateformat' => $dateformat, 
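Review bot: In the ucp_prefs.php hunk at `@@ -56,14 +58,19 @@`, `$notifymethod` is written to `user_notify_type` exactly as submitted, without checking it against the three NOTIFY_* constants or against whether Jabber notification is available to this user. The template only shows the selector when `S_SELECT_NOTIFY` is true, but that is a display decision; a crafted POST can still store any integer. A server-side guard before building `$sql_ary` would cover it, e.g. `if (!in_array($notifymethod, array(NOTIFY_EMAIL, NOTIFY_IM, NOTIFY_BOTH))) { $notifymethod = NOTIFY_EMAIL; }`, plus falling back to `NOTIFY_EMAIL` when `$config['jab_enable']` or `$user->data['user_jabber']` is empty. `$user->optionset('popuppm', $popuppm)` also runs before the `sizeof($error)` check, so the in-memory option changes even when validation fails.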
@@ -87,20 +94,24 @@ class ucp_prefs extends module $massemail = (isset($massemail)) ? $massemail : $user->data['user_allow_massemail']; $mass_email_yes = ($massemail) ? ' checked="checked"' : ''; $mass_email_no = (!$massemail) ? ' checked="checked"' : ''; + $allowpm = (isset($allowpm)) ? $allowpm : $user->data['user_allow_pm']; + $allow_pm_yes = ($allowpm) ? ' checked="checked"' : ''; + $allow_pm_no = (!$allowpm) ? ' checked="checked"' : ''; $hideonline = (isset($hideonline)) ? $hideonline : !$user->data['user_allow_viewonline']; $hide_online_yes = ($hideonline) ? ' checked="checked"' : ''; $hide_online_no = (!$hideonline) ? ' checked="checked"' : ''; $notifypm = (isset($notifypm)) ? $notifypm : $user->data['user_notify_pm']; $notify_pm_yes = ($notifypm) ? ' checked="checked"' : ''; $notify_pm_no = (!$notifypm) ? ' checked="checked"' : ''; - $popuppm = (isset($popuppm)) ? $popuppm : $user->data['user_popup_pm']; + $popuppm = (isset($popuppm)) ? $popuppm : $user->optionget('popuppm'); $popup_pm_yes = ($popuppm) ? ' checked="checked"' : ''; $popup_pm_no = (!$popuppm) ? ' checked="checked"' : ''; $dst = (isset($dst)) ? $dst : $user->data['user_dst']; $dst_yes = ($dst) ? ' checked="checked"' : ''; $dst_no = (!$dst) ? ' checked="checked"' : ''; + + $notifymethod = (isset($notifymethod)) ? $notifymethod : $user->data['user_notify_type']; $dateformat = (isset($dateformat)) ? $dateformat : $user->data['user_dateformat']; - $lang = (isset($lang)) ? $lang : $user->data['user_lang']; $style = (isset($style)) ? $style : $user->data['user_style']; $tz = (isset($tz)) ? $tz : $user->data['user_timezone']; 
@@ -114,19 +125,25 @@ class ucp_prefs extends module 'ADMIN_EMAIL_NO' => $mass_email_no, 'HIDE_ONLINE_YES' => $hide_online_yes, 'HIDE_ONLINE_NO' => $hide_online_no, + 'ALLOW_PM_YES' => $allow_pm_yes, + 'ALLOW_PM_NO' => $allow_pm_no, 'NOTIFY_PM_YES' => $notify_pm_yes, 'NOTIFY_PM_NO' => $notify_pm_no, 'POPUP_PM_YES' => $popup_pm_yes, 'POPUP_PM_NO' => $popup_pm_no, 'DST_YES' => $dst_yes, 'DST_NO' => $dst_no, + 'NOTIFY_EMAIL' => ($notifymethod == NOTIFY_EMAIL) ? 'checked="checked"' : '', + 'NOTIFY_IM' => ($notifymethod == NOTIFY_IM) ? 'checked="checked"' : '', + 'NOTIFY_BOTH' => ($notifymethod == NOTIFY_BOTH) ? 'checked="checked"' : '', 'DATE_FORMAT' => $dateformat, 'S_LANG_OPTIONS' => language_select($lang), 'S_STYLE_OPTIONS' => style_select($style), 'S_TZ_OPTIONS' => tz_select($tz), - 'S_CAN_HIDE_ONLINE' => true, + 'S_CAN_HIDE_ONLINE' => true, + 'S_SELECT_NOTIFY' => ($config['jab_enable'] && $user->data['user_jabber'] && @extension_loaded('xml')) ? true : false, ) ); break; @@ -140,6 +157,7 @@ class ucp_prefs extends module 'sd' => (string) 'd', 'st' => 0, 'minkarma' => (int) -5, + 'images' => true, 'flash' => false, 'smilies' => true, @@ -164,13 +182,18 @@ class ucp_prefs extends module if (!sizeof($error)) { + $user->optionset('viewimg', $images); + $user->optionset('viewflash', $flash); + $user->optionset('viewsmilies', $smilies); + $user->optionset('viewsigs', $sigs); + $user->optionset('viewavatars', $avatars); + if ($auth->acl_get('u_chgcensors')) + { + $user->optionset('viewcensors', $wordcensor); + } + $sql_ary = array( - 'user_viewimg' => $images, - 'user_viewflash' => $flash, - 'user_viewsmilies' => $smilies, - 'user_viewsigs' => $sigs, - 'user_viewavatars' => $avatars, - 'user_viewcensors' => ($auth->acl_get('u_chgcensors')) ? $wordcensor : $user->data['user_viewcensors'], + 'user_options' => $user->data['user_options'], 'user_sortby_type' => $sk, 'user_sortby_dir' => $sd, 'user_show_days' => $st, 
@@ -209,22 +232,22 @@ class ucp_prefs extends module $s_min_karma_options .= ""; } - $images = (isset($images)) ? $images : $user->data['user_viewimg']; + $images = (isset($images)) ? $images : $user->optionget('viewimg'); $images_yes = ($images) ? ' checked="checked"' : ''; $images_no = (!$images) ? ' checked="checked"' : ''; - $flash = (isset($flash)) ? $flash : $user->data['user_viewflash']; + $flash = (isset($flash)) ? $flash : $user->optionget('viewflash'); $flash_yes = ($flash) ? ' checked="checked"' : ''; $flash_no = (!$flash) ? ' checked="checked"' : ''; - $smilies = (isset($smilies)) ? $smilies : $user->data['user_viewsmilies']; + $smilies = (isset($smilies)) ? $smilies : $user->optionget('viewsmilies'); $smilies_yes = ($smilies) ? ' checked="checked"' : ''; $smilies_no = (!$smilies) ? ' checked="checked"' : ''; - $sigs = (isset($sigs)) ? $sigs : $user->data['user_viewsigs']; + $sigs = (isset($sigs)) ? $sigs : $user->optionget('viewsigs'); $sigs_yes = ($sigs) ? ' checked="checked"' : ''; $sigs_no = (!$sigs) ? ' checked="checked"' : ''; - $avatars = (isset($avatars)) ? $avatars : $user->data['user_viewavatars']; + $avatars = (isset($avatars)) ? $avatars : $user->optionget('viewavatars'); $avatars_yes = ($avatars) ? ' checked="checked"' : ''; $avatars_no = (!$avatars) ? ' checked="checked"' : ''; - $wordcensor = (isset($wordcensor)) ? $wordcensor : $user->data['user_viewcensors']; + $wordcensor = (isset($wordcensor)) ? $wordcensor : $user->optionget('viewcensors'); $wordcensor_yes = ($wordcensor) ? ' checked="checked"' : ''; $wordcensor_no = (!$wordcensor) ? ' checked="checked"' : ''; 
@@ -270,14 +293,16 @@ class ucp_prefs extends module $$var = request_var($var, $default); } + $user->optionset('bbcode', $bbcode); + $user->optionset('html', $html); + $user->optionset('smile', $smilies); + $user->optionset('attachsig', $sig); + if (!sizeof($error)) { $sql_ary = array( - 'user_allowbbcode' => $bbcode, - 'user_allowhtml' => $html, - 'user_allowsmile' => $smilies, - 'user_attachsig' => $sig, - 'user_notify' => $notify, + 'user_options' => $user->data['user_options'], + 'user_notify' => $notify, ); $sql = 'UPDATE ' . USERS_TABLE . ' @@ -291,16 +316,16 @@ class ucp_prefs extends module } } - $bbcode = (isset($bbcode)) ? $bbcode : $user->data['user_allowbbcode']; + $bbcode = (isset($bbcode)) ? $bbcode : $user->optionget('bbcode'); $bbcode_yes = ($bbcode) ? ' checked="checked"' : ''; $bbcode_no = (!$bbcode) ? ' checked="checked"' : ''; - $html = (isset($html)) ? $html : $user->data['user_allowhtml']; + $html = (isset($html)) ? $html : $user->optionget('html'); $html_yes = ($html) ? ' checked="checked"' : ''; $html_no = (!$html) ? ' checked="checked"' : ''; - $smilies = (isset($smilies)) ? $smilies : $user->data['user_allowsmile']; + $smilies = (isset($smilies)) ? $smilies : $user->optionget('smile'); $smilies_yes = ($smilies) ? ' checked="checked"' : ''; $smilies_no = (!$smilies) ? ' checked="checked"' : ''; - $sig = (isset($sig)) ? $sig : $user->data['user_attachsig']; + $sig = (isset($sig)) ? $sig : $user->optionget('attachsig'); $sig_yes = ($sig) ? ' checked="checked"' : ''; $sig_no = (!$sig) ? ' checked="checked"' : ''; $notify = (isset($notify)) ? $notify : $user->data['user_notify']; 
@@ -325,14 +350,13 @@ class ucp_prefs extends module } $template->assign_vars(array( - 'L_TITLE' => $user->lang['UCP_' . strtoupper($mode)], + 'L_TITLE' => $user->lang['UCP_' . strtoupper($mode)], - 'S_DISPLAY_' . strtoupper($mode) => true, - 'S_HIDDEN_FIELDS' => $s_hidden_fields, - 'S_UCP_ACTION' => "ucp.$phpEx$SID&i=$id&mode=$mode") + 'S_HIDDEN_FIELDS' => $s_hidden_fields, + 'S_UCP_ACTION' => "ucp.$phpEx$SID&i=$id&mode=$mode") ); - $this->display($user->lang['UCP_PROFILE'], 'ucp_prefs.html'); + $this->display($user->lang['UCP_PROFILE'], 'ucp_prefs_' . $mode . '.html'); } } diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 83dde01154..3df484b502 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -321,7 +321,7 @@ class ucp_register extends module { if ($row['attempts'] > 3) { -// trigger_error($user->lang['TOO_MANY_REGISTERS']); + trigger_error($user->lang['TOO_MANY_REGISTERS']); } } $db->sql_freeresult($result); diff --git a/phpBB/includes/ucp/ucp_remind.php b/phpBB/includes/ucp/ucp_remind.php index 9f5a19bb58..cf706de6f6 100644 --- a/phpBB/includes/ucp/ucp_remind.php +++ b/phpBB/includes/ucp/ucp_remind.php @@ -17,7 +17,9 @@ class ucp_remind extends module { global $censors, $config, $db, $user, $auth, $SID, $template, $phpbb_root_path, $phpEx; - if (isset($_POST['submit'])) + $submit = (isset($_POST['submit'])) ? true : false; + + if ($submit) { $username = (!empty($_POST['username'])) ? trim($_POST['username']) : ''; $email = (!empty($_POST['email'])) ? trim($_POST['email']) : ''; 
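Review bot: The new `$this->display($user->lang['UCP_PROFILE'], 'ucp_prefs_' . $mode . '.html');` in ucp_prefs.php builds a template filename from `$mode`, and the hunk does not show `$mode` being restricted to the known preference modes. If the surrounding switch has no default branch that rejects unknown values (it lies outside this hunk), a request-supplied mode flows into the filename. Mapping the mode through a fixed list before this call avoids that, for instance `$tpl = in_array($mode, $valid_modes) ? $mode : $valid_modes[0];`, where `$valid_modes` is a placeholder for the module's real mode list. The same applies to `$user->lang['UCP_' . strtoupper($mode)]` a few lines up.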
@@ -38,11 +40,11 @@ class ucp_remind extends module $server_url = generate_board_url(); $username = $row['username']; - $user_actkey = $this->gen_rand_string(10); + $user_actkey = gen_rand_string(10); $key_len = 54 - strlen($server_url); $key_len = ($str_len > 6) ? $key_len : 6; $user_actkey = substr($user_actkey, 0, $key_len); - $user_password = $this->gen_rand_string(false); + $user_password = gen_rand_string(false); $sql = 'UPDATE ' . USERS_TABLE . " SET user_newpasswd = '" . md5($user_password) . "', user_actkey = '$user_actkey' @@ -84,8 +86,7 @@ class ucp_remind extends module } else { - $username = ''; - $email = ''; + $username = $email = ''; } $template->assign_vars(array( diff --git a/phpBB/includes/ucp/ucp_zebra.php b/phpBB/includes/ucp/ucp_zebra.php index 4dd1e43fa5..e0c08cca16 100644 --- a/phpBB/includes/ucp/ucp_zebra.php +++ b/phpBB/includes/ucp/ucp_zebra.php @@ -97,7 +97,7 @@ class ucp_zebra extends module { foreach ($forum_ary as $forum_id => $option_ary) { - if (array_sum(array_values($forum_ary))) + if (array_sum(array_values($option_ary))) { $perms[] = $user_id; break; diff --git a/phpBB/install/schemas/mysql_schema.sql b/phpBB/install/schemas/mysql_schema.sql index 69c4de32a6..d5d1274ec1 100644 --- a/phpBB/install/schemas/mysql_schema.sql +++ b/phpBB/install/schemas/mysql_schema.sql @@ -239,6 +239,7 @@ CREATE TABLE phpbb_groups ( group_avatar_type tinyint(4), group_rank int(11) DEFAULT '0', group_colour varchar(6) DEFAULT '' NOT NULL, + group_chgpass smallint(6) DEFAULT '0' NOT NULL, group_description varchar(255) NOT NULL, PRIMARY KEY (group_id) ); @@ -671,7 +672,7 @@ CREATE TABLE phpbb_ucp_modules ( # Table: 'phpbb_user_group' CREATE TABLE phpbb_user_group ( group_id mediumint(8) DEFAULT '0' NOT NULL, - user_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL, + user_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL, group_leader tinyint(1) DEFAULT '0' NOT NULL, user_pending tinyint(1), KEY group_id (group_id), 
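Review bot: In the ucp_remind.php hunk the context line `$key_len = ($str_len > 6) ? $key_len : 6;` tests `$str_len`, which is not assigned anywhere in the visible code. If it is indeed undefined, `$key_len` is always 6 and `substr($user_actkey, 0, $key_len)` cuts the 10-character activation key down to 6 characters, which weakens the password-reset token. The comparison was presumably meant to be `$key_len = ($key_len > 6) ? $key_len : 6;`. Since this hunk switches to the global `gen_rand_string()`, it is also worth confirming that the function is defined in a file loaded on this page, because its definition is not part of the patch.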
@@ -690,6 +691,7 @@ CREATE TABLE phpbb_users ( user_regdate int(11) DEFAULT '0' NOT NULL, username varchar(30) DEFAULT '' NOT NULL, user_password varchar(32) DEFAULT '' NOT NULL, + user_passchg int(11) DEFAULT '0' NOT NULL, user_email varchar(60) DEFAULT '' NOT NULL, user_birthday varchar(10) DEFAULT '' NOT NULL, user_lastvisit int(11) DEFAULT '0' NOT NULL, @@ -697,6 +699,7 @@ CREATE TABLE phpbb_users ( user_lastpage varchar(100) DEFAULT '' NOT NULL, user_karma tinyint(1) DEFAULT '0' NOT NULL, user_min_karma tinyint(1) DEFAULT '-5' NOT NULL, + user_warnings tinyint(4) DEFAULT '0' NOT NULL, user_colour varchar(6) DEFAULT '' NOT NULL, user_posts mediumint(8) UNSIGNED DEFAULT '0' NOT NULL, user_lang varchar(30) DEFAULT '' NOT NULL, 
@@ -712,26 +715,14 @@ CREATE TABLE phpbb_users ( user_sortby_type varchar(1) DEFAULT '' NOT NULL, user_sortby_dir varchar(1) DEFAULT '' NOT NULL, user_show_days tinyint(1) DEFAULT '' NOT NULL, - user_viewimg tinyint(1) DEFAULT '1' NOT NULL, - user_notify tinyint(1) DEFAULT '0' NOT NULL, - user_notify_pm tinyint(1) DEFAULT '1' NOT NULL, - user_popup_pm tinyint(1) DEFAULT '0' NOT NULL, - user_viewflash tinyint(1) DEFAULT '1' NOT NULL, - user_viewsmilies tinyint(1) DEFAULT '1' NOT NULL, - user_viewsigs tinyint(1) DEFAULT '1' NOT NULL, - user_viewavatars tinyint(1) DEFAULT '1' NOT NULL, - user_viewcensors tinyint(1) DEFAULT '1' NOT NULL, - user_attachsig tinyint(1) DEFAULT '1' NOT NULL, - user_allowhtml tinyint(1) DEFAULT '1' NOT NULL, - user_allowbbcode tinyint(1) DEFAULT '1' NOT NULL, - user_allowsmile tinyint(1) DEFAULT '1' NOT NULL, - user_allowavatar tinyint(1) DEFAULT '1' NOT NULL, + user_notify_pm tinyint(1) DEFAULT '1' NOT NULL, + user_notify_type tinyint(4) DEFAULT '0' NOT NULL, user_allow_pm tinyint(1) DEFAULT '1' NOT NULL, user_allow_email tinyint(1) DEFAULT '1' NOT NULL, user_allow_viewonline tinyint(1) DEFAULT '1' NOT NULL, user_allow_viewemail tinyint(1) DEFAULT '1' NOT NULL, user_allow_massemail tinyint(1) DEFAULT '1' NOT NULL, - user_options int(11) DEFAULT '1048565' NOT NULL, + user_options int(11) DEFAULT '893' NOT NULL, user_avatar varchar(100) DEFAULT '' NOT NULL, user_avatar_type tinyint(2) DEFAULT '0' NOT NULL, user_avatar_width tinyint(4) UNSIGNED DEFAULT '0' NOT NULL, diff --git a/phpBB/language/en/lang_main.php b/phpBB/language/en/lang_main.php index 746e2db06b..79b773fe23 100644 --- a/phpBB/language/en/lang_main.php +++ b/phpBB/language/en/lang_main.php @@ -922,7 +922,7 @@ $lang += array( 'DEFAULT_ADD_SIG' => 'Attach my signature by default', 'DEFAULT_NOTIFY' => 'Notify me upon replies by default', - 'PREFS_UPDATED' => 'Your preferences have been updated.', + 'PREFERENCES_UPDATED' => 'Your preferences have been updated.', ); // ucp_zebra 
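Review bot: This phpbb_users hunk drops the `user_notify` column, but ucp_prefs.php in the same commit still writes `'user_notify' => $notify` into its UPDATE and reads `$user->data['user_notify']`. On a fresh install from this schema that preferences update would fail with an unknown-column error, unless the column is defined elsewhere outside the visible hunk. Either keep the line `user_notify tinyint(1) DEFAULT '0' NOT NULL,` or move the reply-notification flag into `user_options` like the other per-user flags. The new `user_options` default of `'893'` would also benefit from a comment listing which option bits it enables, since the old per-column defaults that documented them are gone.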
diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index 004a24c954..7362c76f2e 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -27,10 +27,10 @@ $auth->acl($user->data); $user->setup(); // Grab data -$mode = (isset($_REQUEST['mode'])) ? htmlspecialchars($_REQUEST['mode']) : ''; -$action = (isset($_REQUEST['action'])) ? htmlspecialchars($_REQUEST['action']) : ''; -$user_id = (isset($_GET['u'])) ? intval($_GET['u']) : ANONYMOUS; -$topic_id = (isset($_GET['t'])) ? intval($_GET['t']) : 0; +$mode = request_var('mode', ''); +$action = request_var('action', ''); +$user_id = request_var('u', ANONYMOUS); +$topic_id = request_var('t', 0); switch ($mode) { 
@@ -52,27 +52,11 @@ switch ($mode) } -$start = (isset($_GET['start'])) ? intval($_GET['start']) : ((isset($_GET['page'])) ? (intval($_GET['page']) - 1) * $config['topics_per_page'] : 0); -$form = (!empty($_GET['form'])) ? htmlspecialchars($_GET['form']) : 0; -$field = (isset($_GET['field'])) ? htmlspecialchars($_GET['field']) : 'username'; +$start = request_var('start', 0); +$submit = (isset($_POST['submit'])) ? true : false; -$sort_key = (!empty($_REQUEST['sk'])) ? htmlspecialchars($_REQUEST['sk']) : 'c'; -$sort_dir = (!empty($_REQUEST['sd'])) ? htmlspecialchars($_REQUEST['sd']) : 'a'; - -$username = (!empty($_REQUEST['username'])) ? trim(htmlspecialchars($_REQUEST['username'])) : ''; -$email = (!empty($_REQUEST['email'])) ? trim(htmlspecialchars($_REQUEST['email'])) : ''; -$icq = (!empty($_REQUEST['icq'])) ? intval(htmlspecialchars($_REQUEST['icq'])) : ''; -$aim = (!empty($_REQUEST['aim'])) ? trim(htmlspecialchars($_REQUEST['aim'])) : ''; -$yahoo = (!empty($_REQUEST['yahoo'])) ? trim(htmlspecialchars($_REQUEST['yahoo'])) : ''; -$msn = (!empty($_REQUEST['msn'])) ? trim(htmlspecialchars($_REQUEST['msn'])) : ''; - -$joined_select = (!empty($_REQUEST['joined_select'])) ? htmlspecialchars($_REQUEST['joined_select']) : 'lt'; -$active_select = (!empty($_REQUEST['active_select'])) ? htmlspecialchars($_REQUEST['active_select']) : 'lt'; -$count_select = (!empty($_REQUEST['count_select'])) ? htmlspecialchars($_REQUEST['count_select']) : 'eq'; -$joined = (!empty($_REQUEST['joined'])) ? explode('-', trim(htmlspecialchars($_REQUEST['joined']))) : array(); -$active = (!empty($_REQUEST['active'])) ? explode('-', trim(htmlspecialchars($_REQUEST['active']))) : array(); -$count = (!empty($_REQUEST['count'])) ? intval($_REQUEST['count']) : ''; -$ipdomain = (!empty($_REQUEST['ip'])) ? trim(htmlspecialchars($_REQUEST['ip'])) : ''; +$sort_key = request_var('sk', 'c'); +$sort_dir = request_var('sd', 'a'); // Grab rank information for later 
@@ -143,67 +127,31 @@ switch ($mode) break; case 'jabber': - if (isset($_POST['submit']) && @extension_loaded('xml')) + if ($submit && @extension_loaded('xml')) { - require($phpbb_root_path . 'includes/functions_jabber.'.$phpEx); - $jabber = new Jabber; + include_once($phpbb_root_path . 'includes/functions_messenger.'.$phpEx); - $jabber->server = (!empty($config['jab_host'])) ? $config['jab_host'] : 'jabber.org'; - - if (!$jabber->Connect()) - { - trigger_error('Could not connect to Jabber server', E_USER_ERROR); - } - - $jabber->username = (!empty($config['jab_username'])) ? $config['jab_username'] : ''; - $jabber->password = (!empty($config['jab_password'])) ? $config['jab_password'] : ''; - $jabber->resource = 'phpBB'; - - // If a username/password are set we will try and authorise. If they don't we will - // try and create a new user, username will be the basic domain name with _phpbb - // appended + a numeric - if ($jabber->username && $jabber->password) - { - if (!$jabber->SendAuth()) - { - trigger_error('Could not authorise on Jabber server', E_USER_ERROR); - } - } - else - { - $jabber->username = implode('_', array_slice(explode('.', $config['server_name']), -2)) . '_phpbb'; - for ($i = 0; $i < 10; $i++) - { - $jabber->password .= chr(rand(65, 122)); - } - - for ($i = 0; $i < 10; $i++) - { - $jabber->username .= $i; - if ($result = $jabber->AccountRegistration($config['contact_email'], str_replace('.', '_', $config['server_name']))) - { - break; - } - } - if (!$result) - { - trigger_error('Could not create new user on Jabber server', E_USER_ERROR); - } - - set_config('jab_username', $jabber->username); - set_config('jab_password', $jabber->password); - } - - $jabber->SendPresence(NULL, NULL, 'online'); - - // This _really_ needs to be an "email" template I think ... indeed the whole system is probably - // best suited "merged" with email in some way. Would enable notifications, etc. 
to be sent via - // Jabber more easily too I think $subject = sprintf($user->lang['IM_JABBER_SUBJECT'], $user->data['username'], $config['server_name']); - $message = stripslashes(htmlspecialchars($_POST['message'])); + $message = $_POST['message']; - $jabber->SendMessage($row[$sql_field], 'normal', NULL, array('subject' => $subject, 'body' => $message), ''); - $jabber->Disconnect(); + $messenger = new messenger(); + + $messenger->template('profile_send_email', $row['user_lang']); + $messenger->subject($subject); + + $messenger->replyto($user->data['user_email']); + $messenger->to($row['user_jabber'], $row['username']); + + $messenger->assign_vars(array( + 'SITENAME' => $config['sitename'], + 'BOARD_EMAIL' => $config['board_contact'], + 'FROM_USERNAME' => $user->data['username'], + 'TO_USERNAME' => $row['username'], + 'MESSAGE' => $message) + ); + + $messenger->send(NOTIFY_IM); + $messenger->queue->save(); $s_select = 'S_SENT_JABBER'; } @@ -240,8 +188,8 @@ switch ($mode) } // Do the SQL thang - $sql = "SELECT g.group_id, g.group_name, g.group_type - FROM " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug + $sql = 'SELECT g.group_id, g.group_name, g.group_type + FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . " ug WHERE ug.user_id = $user_id AND g.group_id = ug.group_id" . (($auth->acl_get('a_groups'))? ' AND g.group_type <> ' . GROUP_HIDDEN : '') . ' ORDER BY group_type, group_name'; 
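Review bot: In the jabber branch, `$message = $_POST['message'];` is the one input that bypasses `request_var()`, and it drops the `stripslashes(htmlspecialchars(...))` the old line applied. This commit also comments out the magic-quotes normalisation in common.php, so the raw value carries backslashes only on hosts with magic_quotes_gpc enabled, and it raises a notice when the field is absent. Use `$message = request_var('message', '');`, as the e-mail branch later in this file does. A short comment at the `assign_vars` call saying that `MESSAGE` is user-supplied text would also help. The `case 'jabber':` block begins and ends outside this hunk.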
@@ -254,7 +202,7 @@ switch ($mode) } // We left join on the session table to see if the user is currently online - $sql = 'SELECT username, user_id, user_colour, user_permissions, user_karma, user_sig, user_sig_bbcode_uid, user_sig_bbcode_bitfield, user_allow_viewemail, user_posts, user_regdate, user_rank, user_from, user_occ, user_interests, user_website, user_email, user_icq, user_aim, user_yim, user_msnm, user_jabber, user_avatar, user_avatar_width, user_avatar_height, user_avatar_type, user_allowavatar, user_lastvisit + $sql = 'SELECT username, user_id, user_colour, user_permissions, user_karma, user_sig, user_sig_bbcode_uid, user_sig_bbcode_bitfield, user_allow_viewemail, user_posts, user_regdate, user_rank, user_from, user_occ, user_interests, user_website, user_email, user_icq, user_aim, user_yim, user_msnm, user_jabber, user_avatar, user_avatar_width, user_avatar_height, user_avatar_type, user_lastvisit FROM ' . USERS_TABLE . " WHERE user_id = $user_id"; $result = $db->sql_query($sql); 
@@ -447,18 +395,19 @@ switch ($mode) trigger_error($lang['FLOOD_EMAIL_LIMIT']); } - $email_lang = (!empty($_POST['lang'])) ? htmlspecialchars($_POST['lang']) : ''; - $name = (!empty($_POST['name'])) ? trim(strip_tags($_POST['name'])) : ''; - $email = (!empty($_POST['email'])) ? trim(strip_tags($_POST['email'])) : ''; - $subject = (!empty($_POST['subject'])) ? trim(stripslashes($_POST['subject'])) : ''; - $message = (!empty($_POST['message'])) ? trim(stripslashes($_POST['message'])) : ''; + $name = strip_tags(request_var('name', '')); + $email = strip_tags(request_var('email', '')); + $email_lang = request_var('lang', ''); + $subject = request_var('subject', ''); + $message = request_var('message', ''); + $cc = (!empty($_POST['cc_email'])) ? true : false; // Are we sending an email to a user on this board? Or are we sending a // topic heads-up message? if (!$topic_id) { // Get the appropriate username, etc. - $sql = 'SELECT username, user_email, user_allow_viewemail, user_lang + $sql = 'SELECT username, user_email, user_allow_viewemail, user_lang, user_jabber FROM ' . USERS_TABLE . " WHERE user_id = $user_id AND user_active = 1"; @@ -502,16 +451,16 @@ switch ($mode) // User has submitted a message, handle it $error = array(); - if (isset($_POST['submit'])) + if ($submit) { if (!$topic_id) { - if ($subject == '') + if (!$subject) { $error[] = $user->lang['EMPTY_SUBJECT_EMAIL']; } - if ($message == '') + if (!$message) { $error[] = $user->lang['EMPTY_MESSAGE_EMAIL']; } 
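Review bot: In the `$name`/`$email`/`$subject` block, nothing visible rejects CR or LF characters or checks that `$email` is a well-formed address. In topic heads-up mode these request values are handed to `$messenger->to()` and `$messenger->subject()` in the following hunk. Unless `request_var()` or the messenger class strips line breaks, which this hunk does not show, such a mail could carry additional header lines. Add a guard such as `preg_match('#[\r\n]#', $email . $name . $subject)` that pushes an entry onto `$error` before the message is built. The old lines also applied `trim()`, which is now left to the helper; confirm it still happens.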
@@ -536,35 +485,31 @@ switch ($mode) WHERE user_id = ' . $user->data['user_id']; $result = $db->sql_query($sql); - include($phpbb_root_path . 'includes/emailer.'.$phpEx); - $emailer = new emailer(); + include_once($phpbb_root_path . 'includes/functions_messenger.'.$phpEx); $email_tpl = (!$topic_id) ? 'profile_send_email' : 'email_notify'; $email_lang = (!$topic_id) ? $row['user_lang'] : $email_lang; - $emailer->template($email_tpl, $email_lang); - $emailer->subject($subject); + $email = (!$topic_id) ? $row['user_email'] : $email; - $emailer->replyto($user->data['user_email']); - if (!$topic_id) + $messenger = new messenger(); + + $messenger->template($email_tpl, $email_lang); + $messenger->subject($subject); + + $messenger->replyto($user->data['user_email']); + $messenger->to($email, $row['username']); + + if ($cc) { - $emailer->to($row['user_email'], $row['username']); - } - else - { - $emailer->to($email, $name); + $messenger->cc($user->data['user_email'], $user->data['username']); } - if (!empty($_POST['cc_email'])) - { - $emailer->cc($user->data['user_email'], $user->data['username']); - } + $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); + $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); + $messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); + $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); - $emailer->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); - $emailer->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); - $emailer->headers('X-AntiAbuse: Username - ' . $user->data['username']); - $emailer->headers('X-AntiAbuse: User IP - ' . $user->ip); - - $emailer->assign_vars(array( + $messenger->assign_vars(array( 'SITENAME' => $config['sitename'], 'BOARD_EMAIL' => $config['board_contact'], 'FROM_USERNAME' => $user->data['username'], 
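Review bot: In topic heads-up mode the recipient name is now wrong. `$messenger->to($email, $row['username']);` replaces the old branch that called `to($email, $name)`, but when `$topic_id` is set `$row` is the record used for `topic_title` and `forum_id`, and a `username` key is not shown to exist on it. `$name` is still read from the form but is no longer used in the visible hunks. Suggest `$messenger->to($email, (!$topic_id) ? $row['username'] : $name);`. The enclosing submit block starts and ends outside this hunk.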
@@ -572,11 +517,11 @@ switch ($mode) 'MESSAGE' => $message, 'TOPIC_NAME' => ($topic_id) ? strtr($row['topic_title'], array_flip(get_html_translation_table(HTML_ENTITIES))) : '', - 'U_TOPIC' => ($topic_id) ? generate_board_url() . "/viewtopic.$phpEx?f=" . $row['forum_id'] . "&t=topic_id" : '') + 'U_TOPIC' => ($topic_id) ? generate_board_url() . "/viewtopic.$phpEx?f=" . $row['forum_id'] . "&t=$topic_id" : '') ); - $emailer->send(); - $emailer->reset(); + $messenger->send(NOTIFY_EMAIL); + $messenger->queue->save(); meta_refresh(3, "index.$phpEx$SID"); $message = (!$topic_id) ? sprintf($user->lang['RETURN_INDEX'], '', '') : sprintf($user->lang['RETURN_TOPIC'], "', ''); @@ -635,8 +580,26 @@ switch ($mode) // Additional sorting options for user search ... if search is enabled, if not // then only admins can make use of this (for ACP functionality) $where_sql = ''; - if ($mode == 'searchuser' && (!empty($config['load_search']) || $auth->acl_get('a_'))) + if ($mode == 'searchuser' && ($config['load_search'] || $auth->acl_get('a_'))) { + $form = request_var('form', ''); + $field = request_var('field', 'username'); + + $username = request_var('username', ''); + $email = request_var('email', ''); + $icq = request_var('icq', ''); + $aim = request_var('aim', ''); + $yahoo = request_var('yahoo', ''); + $msn = request_var('msn', ''); + + $joined_select = request_var('joined_select', 'lt'); + $active_select = request_var('active_select', 'lt'); + $count_select = request_var('count_select', 'eq'); + $joined = explode('-', request_var('joined', '')); + $active = explode('-', request_var('active', '')); + $count = request_var('count', 0); + $ipdomain = request_var('ip', ''); + $find_key_match = array('lt' => '<', 'gt' => '>', 'eq' => '='); $find_count = array('lt' => $user->lang['LESS_THAN'], 'eq' => $user->lang['EQUAL_TO'], 'gt' => $user->lang['MORE_THAN']); 
@@ -668,11 +631,11 @@ switch ($mode) $where_sql .= ($aim) ? " AND user_aim LIKE '" . str_replace('*', '%', $db->sql_escape($aim)) ."' " : ''; $where_sql .= ($yahoo) ? " AND user_yim LIKE '" . str_replace('*', '%', $db->sql_escape($yahoo)) ."' " : ''; $where_sql .= ($msn) ? " AND user_msnm LIKE '" . str_replace('*', '%', $db->sql_escape($msn)) ."' " : ''; - $where_sql .= ($joined) ? " AND user_regdate " . $find_key_match[$joined_select] . " " . gmmktime(0, 0, 0, intval($joined[1]), intval($joined[2]), intval($joined[0])) : ''; $where_sql .= ($count) ? " AND user_posts " . $find_key_match[$count_select] . " $count " : ''; - $where_sql .= ($active) ? " AND user_lastvisit " . $find_key_match[$active_select] . " " . gmmktime(0, 0, 0, $active[1], intval($active[2]), intval($active[0])) : ''; + $where_sql .= (sizeof($joined) > 1) ? " AND user_regdate " . $find_key_match[$joined_select] . ' ' . gmmktime(0, 0, 0, intval($joined[1]), intval($joined[2]), intval($joined[0])) : ''; + $where_sql .= (sizeof($active) > 1) ? " AND user_lastvisit " . $find_key_match[$active_select] . ' ' . gmmktime(0, 0, 0, $active[1], intval($active[2]), intval($active[0])) : ''; - if (!empty($ipdomain)) + if ($ipdomain) { $ips = (preg_match('#[a-z]#', $ipdomain)) ? implode(', ', preg_replace('#([0-9]{1,3}\.[0-9]{1,3}[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})#', "'\\1'", gethostbynamel($ipdomain))) : "'" . str_replace('*', '%', $ipdomain) . "'"; @@ -683,14 +646,14 @@ switch ($mode) if ($row = $db->sql_fetchrow($result)) { - $ip_sql = ''; + $ip_sql = array(); do { - $ip_sql .= (($ip_sql != '') ? ', ' : '') . $row['poster_id']; + $ip_sql[] = $row['poster_id']; } while ($row = $db->sql_fetchrow($result)); - $where_sql .= " AND user_id IN ($ip_sql)"; + $where_sql .= ' AND user_id IN (' . implode(', ', $ip_sql) . ')'; } else { 
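Review bot: On the wildcard branch of the `$ips` assignment, `$ipdomain` is wrapped in quotes as a SQL literal without `$db->sql_escape()` (`"'" . str_replace('*', '%', $ipdomain) . "'"`), unlike the `aim`, `yahoo` and `msn` filters directly above it. This matters more after this commit, because the global addslashes pass in common.php is commented out and the value now comes from `request_var('ip', '')`. Change it to `"'" . str_replace('*', '%', $db->sql_escape($ipdomain)) . "'"`; the query that consumes `$ips` lies between this hunk and the next and should be checked as well. In the same hunk `$active[1]` reaches `gmmktime()` without `intval()` while every other date part is cast. `sizeof(...) > 1` also does not guarantee that index 2 exists, so `sizeof($active) == 3` with `intval($active[1])` would be consistent.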
@@ -704,11 +667,11 @@ switch ($mode) $order_by = $sort_key_sql[$sort_key] . ' ' . (($sort_dir == 'a') ? 'ASC' : 'DESC'); // Count the users ... - if ($where_sql != '') + if ($where_sql) { - $sql = "SELECT COUNT(user_id) AS total_users - FROM " . USERS_TABLE . " - WHERE user_id <> " . ANONYMOUS . " + $sql = 'SELECT COUNT(user_id) AS total_users + FROM ' . USERS_TABLE . ' + WHERE user_id <> ' . ANONYMOUS . " $where_sql"; $result = $db->sql_query($sql); @@ -723,18 +686,18 @@ switch ($mode) $pagination_url = "memberlist.$phpEx$SID&mode=$mode"; // Build a relevant pagination_url - $global_var = (isset($_POST['submit'])) ? '_POST' : '_GET'; + $global_var = ($submit) ? '_POST' : '_GET'; foreach ($$global_var as $key => $var) { - if (in_array($key, array('submit', 'start', 'mode')) || $var == '') + if (in_array($key, array('submit', 'start', 'mode')) || !$var) { continue; } - $pagination_url .= '&' . $key . '=' . urlencode($var); + $pagination_url .= '&' . $key . '=' . urlencode(htmlspecialchars($var)); } // Some search user specific data - if ($mode == 'searchuser' && (!empty($config['load_search']) || $auth->acl_get('a_'))) + if ($mode == 'searchuser' && ($config['load_search'] || $auth->acl_get('a_'))) { $template->assign_vars(array( 'USERNAME' => $username, @@ -775,7 +738,7 @@ switch ($mode) $db->sql_freeresult($result); // Do the SQL thang - $sql = 'SELECT username, user_id, user_colour, user_allow_viewemail, user_posts, user_regdate, user_rank, user_from, user_website, user_email, user_icq, user_aim, user_yim, user_msnm, user_avatar, user_avatar_type, user_allowavatar, user_lastvisit + $sql = 'SELECT username, user_id, user_colour, user_allow_viewemail, user_posts, user_regdate, user_rank, user_from, user_website, user_email, user_icq, user_aim, user_yim, user_msnm, user_avatar, user_avatar_type, user_lastvisit FROM ' . USERS_TABLE . ' WHERE user_id <> ' . ANONYMOUS . " $where_sql diff --git a/phpBB/posting.php b/phpBB/posting.php index 83b747a8b3..a851a15670 100644 
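Review bot: In memberlist.php's pagination loop the parameter name is appended to `$pagination_url` unencoded (`'&' . $key . '='`), although `$key` comes from `$_POST`/`$_GET` just as the value does. Calling `htmlspecialchars()` before `urlencode()` on the value is also the wrong order: `urlencode()` already neutralises markup characters, so the entity text itself ends up percent-encoded in the link. Suggest `$pagination_url .= '&' . urlencode($key) . '=' . urlencode($var);` and HTML-escape the finished URL where it is printed. An array-valued parameter would still reach `urlencode()`, so add `is_array($var)` to the `continue` test. The loop sits inside a `switch` case that starts outside the hunk.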
--- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -175,6 +175,7 @@ if ($sql != '') prepare_data($message_parser->attachment_data[$pos]['real_filename'], TRUE); prepare_data($message_parser->attachment_data[$pos]['extension'], TRUE); prepare_data($message_parser->attachment_data[$pos]['mimetype'], TRUE); + $message_parser->attachment_data[$pos]['filesize'] = (int) $message_parser->attachment_data[$pos]['filesize']; $message_parser->attachment_data[$pos]['filetime'] = (int) $message_parser->attachment_data[$pos]['filetime']; $message_parser->attachment_data[$pos]['attach_id'] = (int) $message_parser->attachment_data[$pos]['attach_id']; @@ -211,8 +212,8 @@ if ($sql != '') if (!in_array($mode, array('quote', 'edit', 'delete'))) { $enable_sig = ($config['allow_sig'] && $user->optionget('attachsig')) ? TRUE : FALSE; - $enable_smilies = ($config['allow_smilies'] && $user->optionget('allowsmile')) ? TRUE : FALSE; - $enable_bbcode = ($config['allow_bbcode'] && $user->optionget('allowbbcode')) ? TRUE : FALSE; + $enable_smilies = ($config['allow_smilies'] && $user->optionget('smile')) ? TRUE : FALSE; + $enable_bbcode = ($config['allow_bbcode'] && $user->optionget('bbcode')) ? TRUE : FALSE; $enable_urls = TRUE; } @@ -1134,7 +1135,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id $notify_rows = array(); // -- get forum_userids || topic_userids - $sql = 'SELECT u.user_id, u.username, u.user_email, u.user_lang + $sql = 'SELECT u.user_id, u.username, u.user_email, u.user_lang, u.user_notify_type, u.user_jabber FROM ' . (($topic_notification) ? TOPICS_WATCH_TABLE : FORUMS_WATCH_TABLE) . ' w, ' . USERS_TABLE . ' u WHERE w.' . (($topic_notification) ? 'topic_id' : 'forum_id') . ' = ' . (($topic_notification) ? $topic_id : $forum_id) . " AND w.user_id NOT IN ($sql_ignore_users) 
@@ -1148,9 +1149,11 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id 'user_id' => $row['user_id'], 'username' => $row['username'], 'user_email' => $row['user_email'], - 'user_lang' => $row['user_lang'], + 'user_jabber' => $row['user_jabber'], + 'user_lang' => $row['user_lang'], 'notify_type' => ($topic_notification) ? 'topic' : 'forum', 'template' => ($topic_notification) ? 'topic_notify' : 'newtopic_notify', + 'method' => $row['user_notify_type'], 'allowed' => false ); } @@ -1164,7 +1167,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id $sql_ignore_users .= ', ' . implode(', ', array_keys($notify_rows)); } - $sql = 'SELECT u.user_id, u.username, u.user_email, u.user_lang + $sql = 'SELECT u.user_id, u.username, u.user_email, u.user_lang, u.user_notify_type, u.user_jabber FROM ' . FORUMS_WATCH_TABLE . ' fw, ' . USERS_TABLE . " u WHERE fw.forum_id = $forum_id AND fw.user_id NOT IN ($sql_ignore_users) @@ -1178,9 +1181,11 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id 'user_id' => $row['user_id'], 'username' => $row['username'], 'user_email' => $row['user_email'], + 'user_jabber' => $row['user_jabber'], 'user_lang' => $row['user_lang'], 'notify_type' => 'forum', 'template' => 'forum_notify', + 'method' => $row['user_notify_type'], 'allowed' => false ); } 
@@ -1192,112 +1197,101 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id return; } - // We have all users informations we want, now check if they are actually permitted to receive a notification - $sql = 'SELECT a.user_id - FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_USERS_TABLE . ' a - WHERE a.user_id IN (' . implode(', ', array_keys($notify_rows)) . ") - AND ao.auth_option_id = a.auth_option_id - AND ao.auth_option = 'f_read' - AND a.forum_id = $forum_id"; - $result = $db->sql_query($sql); - while ($row = $db->sql_fetchrow($result)) + $perms = array(); +/* foreach (discover_auth(array_keys($notify_rows), array('f_read'), $forum_id) as $user_id => $forum_ary) { - $notify_rows[$row['user_id']]['allowed'] = true; - } - $db->sql_freeresult($result); - - // Now grab group settings... - $sql = 'SELECT ug.user_id, MIN(a.auth_setting) as min_setting - FROM ' . USER_GROUP_TABLE . ' ug, ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_GROUPS_TABLE . ' a - WHERE ug.user_id IN (' . implode(', ', array_keys($notify_rows)) . ") - AND a.group_id = ug.group_id - AND ao.auth_option_id = a.auth_option_id - AND ao.auth_option = 'f_read' - AND a.forum_id = $forum_id - GROUP BY ug.user_id"; - $result = $db->sql_query($sql); - - while ($row = $db->sql_fetchrow($result)) - { - if ($row['min_setting'] == 1) + foreach ($forum_ary as $forum_id => $option_ary) { - $notify_rows[$row['user_id']]['allowed'] = true; + if (array_sum(array_values($option_ary))) + { + echo array_sum(array_values($option_ary)); + echo " >> "; +// $perms[] = $user_id; +// break; + } } + print_r($forum_ary); } - $db->sql_freeresult($result); - +*/ + // Now, we have to do a little step before really sending, we need to distinguish our users a little bit. 
;) $email_users = $delete_ids = $update_notification = array(); foreach ($notify_rows as $user_id => $row) { - if (!$row['allowed'] || trim($row['user_email']) == '') + if (!$row['allowed'] || !trim($row['user_email'])) { $delete_ids[$row['notify_type']][] = $row['user_id']; } else { - $email_users[] = $row; + $msg_users[] = $row; $update_notification[$row['notify_type']][] = $row['user_id']; } } unset($notify_rows); + + + + // Now, we are able to really send out notifications - if (sizeof($email_users) && $config['email_enable']) + if (sizeof($msg_users)) { - @set_time_limit(60); + include_once($phpbb_root_path . 'includes/functions_messenger.'.$phpEx); + $messenger = new messenger(); - include($phpbb_root_path . 'includes/emailer.'.$phpEx); - $emailer = new emailer(TRUE); // use queue + $email_sig = str_replace('
', "\n", "-- \n" . $config['board_email_sig']); - $email_list_ary = array(); - foreach ($email_users as $row) + $msg_list_ary = array(); + foreach ($msg_users as $row) { - $pos = sizeof($email_list_ary[$row['template']]); - $email_list_ary[$row['template']][$pos]['email'] = $row['user_email']; - $email_list_ary[$row['template']][$pos]['name'] = $row['username']; - $email_list_ary[$row['template']][$pos]['lang'] = $row['user_lang']; + $pos = sizeof($msg_list_ary[$row['template']]); + + $msg_list_ary[$row['template']][$pos]['method'] = $row['method']; + $msg_list_ary[$row['template']][$pos]['email'] = $row['user_email']; + $msg_list_ary[$row['template']][$pos]['user_jabber'] = $row['user_jabber']; + $msg_list_ary[$row['template']][$pos]['name'] = $row['username']; + $msg_list_ary[$row['template']][$pos]['lang'] = $row['user_lang']; } unset($email_users); - foreach ($email_list_ary as $email_template => $email_list) + foreach ($msg_list_ary as $email_template => $email_list) { foreach ($email_list as $addr) { - $emailer->template($email_template, $addr['lang']); + $messenger->template($email_template, $addr['lang']); - $emailer->replyto($config['board_email']); - $emailer->to($addr['email'], $addr['name']); + $messenger->replyto($config['board_email']); + $messenger->to($addr['email'], $addr['name']); - $emailer->assign_vars(array( - 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $config['board_email_sig']), + $messenger->assign_vars(array( + 'EMAIL_SIG' => $email_sig, 'SITENAME' => $config['sitename'], - 'TOPIC_TITLE' => trim($topic_title), - 'FORUM_NAME' => trim($forum_name), + 'TOPIC_TITLE' => $topic_title, + 'FORUM_NAME' => $forum_name, - 'U_NEWEST_POST' => generate_board_url() . '/viewtopic.'.$phpEx . '?e=1&t=' . $topic_id . '&p=' . $post_id . '#' . $post_id, - 'U_TOPIC' => generate_board_url() . '/viewtopic.'.$phpEx . '?e=1&t=' . $topic_id, - 'U_FORUM' => generate_board_url() . '/viewforum.'.$phpEx . '?e=1&f=' . $forum_id, - 'U_STOP_WATCHING_TOPIC' => generate_board_url() . '/viewtopic.'.$phpEx . '?t=' . $topic_id . '&unwatch=topic', - 'U_STOP_WATCHING_FORUM' => generate_board_url() . '/viewforum.'.$phpEx . '?f=' . $forum_id . '&unwatch=forum') - ); + 'U_FORUM' => generate_board_url() . "/viewforum.$phpEx?f=$forum_id&e=1", + 'U_TOPIC' => generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t=$topic_id&e=1", + 'U_NEWEST_POST' => generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t=$topic_id&p=$post_id&e=1#$post_id", + 'U_STOP_WATCHING_TOPIC' => generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t=$topic_id&unwatch=topic", + 'U_STOP_WATCHING_FORUM' => generate_board_url() . "/viewforum.$phpEx?f=$forum_id&unwatch=forum", + )); - $emailer->send(); - $emailer->reset(); + $messenger->send($addr['method']); + $messenger->reset(); } } unset($email_list_ary); - - $emailer->mail_queue->save(); } + $messenger->queue->save(); + // Handle the DB updates $db->sql_transaction(); - // Now update the notification status if (sizeof($update_notification['topic'])) { - $sql = "UPDATE " . TOPICS_WATCH_TABLE . " + $sql = 'UPDATE ' . TOPICS_WATCH_TABLE . " SET notify_status = 1 WHERE topic_id = $topic_id AND user_id IN (" . implode(', ', $update_notification['topic']) . ")"; 
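Review bot: With the two `f_read` queries removed and the `discover_auth()` replacement commented out, nothing sets `allowed` to true any more, so `!$row['allowed']` holds for every watcher: each one lands in `$delete_ids` and is removed from the watch tables, and no notification is sent. Restore a read-permission check before the `foreach ($notify_rows ...)` loop rather than dropping the test, since notifying users who lack `f_read` would disclose topic titles from restricted forums. Two further problems in the same hunk: `$msg_users` is never initialised (the line still reads `$email_users = $delete_ids = $update_notification = array();`), and `$messenger->queue->save();` now sits outside the `if (sizeof($msg_users))` that creates `$messenger`, so it runs on an undefined variable when there are no recipients. Initialise with `$msg_users = $delete_ids = $update_notification = array();` and move the `save()` call back inside the block. `user_notification()` starts and ends outside this hunk.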
@@ -1306,7 +1300,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id if (sizeof($update_notification['forum'])) { - $sql = "UPDATE " . FORUMS_WATCH_TABLE . " + $sql = 'UPDATE ' . FORUMS_WATCH_TABLE . " SET notify_status = 1 WHERE forum_id = $forum_id AND user_id IN (" . implode(', ', $update_notification['forum']) . ")"; @@ -1316,7 +1310,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id // Now delete the user_ids not authorized to receive notifications on this topic/forum if (sizeof($delete_ids['topic'])) { - $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " + $sql = 'DELETE FROM ' . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id AND user_id IN (" . implode(', ', $delete_ids['topic']) . ")"; $db->sql_query($sql); @@ -1324,7 +1318,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id if (sizeof($delete_ids['forum'])) { - $sql = "DELETE FROM " . FORUMS_WATCH_TABLE . " + $sql = 'DELETE FROM ' . FORUMS_WATCH_TABLE . " WHERE forum_id = $forum_id AND user_id IN (" . implode(', ', $delete_ids['forum']) . ")"; $db->sql_query($sql); diff --git a/phpBB/styles/subSilver/template/ucp_header.html b/phpBB/styles/subSilver/template/ucp_header.html index a592043ff9..cda7cd0f2f 100644 --- a/phpBB/styles/subSilver/template/ucp_header.html +++ b/phpBB/styles/subSilver/template/ucp_header.html @@ -70,7 +70,7 @@ function marklist(form_name, status) - {ucp_section.L_TITLE} + {ucp_section.L_TITLE} diff --git a/phpBB/styles/subSilver/template/viewtopic_body.html b/phpBB/styles/subSilver/template/viewtopic_body.html index 9d3e00cf11..e08865e9dc 100644 --- a/phpBB/styles/subSilver/template/viewtopic_body.html +++ b/phpBB/styles/subSilver/template/viewtopic_body.html @@ -28,11 +28,11 @@ - +
diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php index 82cd462050..c6455c5914 100644 --- a/phpBB/viewforum.php +++ b/phpBB/viewforum.php @@ -112,7 +112,7 @@ if ($forum_data['forum_password']) } // Redirect to login upon emailed notification links -if (isset($_GET['e']) && (int) $_GET['e'] && $user->data['user_id'] == ANONYMOUS) +if (!empty($_GET['e']) && $user->data['user_id'] == ANONYMOUS) { login_box(preg_replace('#.*?([a-z]+?\.' . $phpEx . '.*?)$#i', '\1', htmlspecialchars($_SERVER['REQUEST_URI'])), '', $user->lang['LOGIN_NOTIFY_FORUM']); } diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 3657282f34..7145badc3f 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php 
@@ -21,21 +21,21 @@ $user->start(); $auth->acl($user->data); // Initial var setup -$forum_id = (isset($_GET['f'])) ? max(intval($_GET['f']), 0) : 0; -$topic_id = (isset($_GET['t'])) ? max(intval($_GET['t']), 0) : 0; -$post_id = (isset($_GET['p'])) ? max(intval($_GET['p']), 0) : 0; -$voted_id = (isset($_POST['vote_id'])) ? array_map('intval', $_POST['vote_id']) : 0; +$forum_id = request_var('f', 0); +$topic_id = request_var('t', 0); +$post_id = request_var('p', 0); +$voted_id = request_var('vote_id', 0);; -$start = (isset($_GET['start'])) ? max(intval($_GET['start']), 0) : 0; -$view = (isset($_GET['view'])) ? htmlspecialchars($_GET['view']) : false; -$rate = (isset($_GET['rate'])) ? intval($_GET['rate']) : false; -$sort_days = (!empty($_REQUEST['st'])) ? max(intval($_REQUEST['st']), 0) : 0; -$sort_key = (!empty($_REQUEST['sk'])) ? htmlspecialchars($_REQUEST['sk']) : 't'; -$sort_dir = (!empty($_REQUEST['sd'])) ? htmlspecialchars($_REQUEST['sd']) : 'a'; -$update = (isset($_POST['update'])) ? true : false; +$start = request_var('start', 0); +$view = request_var('view', ''); +$rate = request_var('rate', 0); +$sort_days = request_var('st', 0); +$sort_key = request_var('sk', 't'); +$sort_dir = request_var('sd', 'a'); +$update = request_var('update', false); -$hilit_words = (isset($_GET['hilit'])) ? urldecode($_GET['hilit']) : false; -$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? unserialize(stripslashes($_COOKIE[$config['cookie_name'] . '_track'])) : array(); +$hilit_words = urldecode(request_var('hilit', '')); +$tracking_topics = unserialize(request_var($config['cookie_name'] . '_track', array())); // Do we have a topic or post id? if (!$topic_id && !$post_id) 
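Review bot: `$tracking_topics = unserialize(request_var($config['cookie_name'] . '_track', array()));` still deserialises a value the client controls, and with an `array()` default the helper may hand `unserialize()` something that is not a string. The old line read `$_COOKIE` explicitly; whether `request_var()` also accepts this name from GET or POST is decided outside this hunk and should be confirmed. Prefer a tracking format that cannot carry objects (for example a delimited list of ids, each cast with `intval()`), or at least guard the result with `if (!is_array($tracking_topics)) { $tracking_topics = array(); }`. In the same hunk `$voted_id = request_var('vote_id', 0);;` replaces `array_map('intval', $_POST['vote_id'])`, so a multi-option vote is no longer handled as an array, and the line has a stray second semicolon. `urldecode()` on `hilit` now runs after the helper, so any escaping the helper applied can be undone by percent-encoded input; decode first or drop the call.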
@@ -217,7 +217,7 @@ if ($forum_password) } // Redirect to login upon emailed notification links -if (isset($_GET['e']) && (int) $_GET['e'] && $user->data['user_id'] == ANONYMOUS) +if (!empty($_GET['e']) && $user->data['user_id'] == ANONYMOUS) { login_box(preg_replace('#.*?([a-z]+?\.' . $phpEx . '.*?)$#i', '\1', htmlspecialchars($_SERVER['REQUEST_URI'])), '', $user->lang['LOGIN_NOTIFY_TOPIC']); } @@ -484,7 +484,7 @@ $template->assign_vars(array( 'S_SELECT_SORT_DAYS' => $s_limit_days, 'S_TOPIC_ACTION' => "viewtopic.$phpEx$SID&f=$forum_id&t=$topic_id&start=$start", 'S_TOPIC_MOD' => ($topic_mod != '') ? '' : '', - 'S_MOD_ACTION' => "mcp.$phpEx?sid=" . $user->session_id . "&t=$topic_id&quickmod=1", + 'S_MOD_ACTION' => "mcp.$phpEx?sid=" . $user->session_id . "&t=$topic_id&quickmod=1", 'S_WATCH_TOPIC' => $s_watching_topic, 'S_DISPLAY_SEARCHBOX' => ($auth->acl_get('f_search', $forum_id)) ? true : false, @@ -846,7 +846,8 @@ do else { $user_sig = ''; - if ($row['user_sig'] && $config['allow_sig'] && $user->optionget('viewsigs')) + + if ($row['enable_sig'] && $row['user_sig'] && $config['allow_sig'] && $user->optionget('viewsigs')) { $user_sig = $row['user_sig']; } @@ -856,8 +857,8 @@ do 'joined' => $user->format_date($row['user_regdate'], $user->lang['DATE_FORMAT']), 'posts' => (!empty($row['user_posts'])) ? $row['user_posts'] : '', 'from' => (!empty($row['user_from'])) ? $row['user_from'] : '', - 'karma' => (!empty($row['user_karma'])) ? $row['user_karma'] : 0, - 'karma_img' => '' . $user->lang['KARMA_LEVEL'] . ': ' . $user->lang['KARMA'][$row['user_karma']] . '', + 'karma' => ($config['enable_karma'] && $row['user_karma']) ? $row['user_karma'] : 0, + 'karma_img' => ($config['enable_karma']) ? '' . $user->lang['KARMA_LEVEL'] . ': ' . $user->lang['KARMA'][$row['user_karma']] . '' : '', 'sig' => $user_sig, 'sig_bbcode_uid' => (!empty($row['user_sig_bbcode_uid'])) ? $row['user_sig_bbcode_uid'] : '', 
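Review bot: In the signature hunk of viewtopic.php, `$row['enable_sig']` is a per-post flag, but the test is moved into the code that fills the per-poster entry (`'sig' => $user_sig`), which appears to be built once per poster. A later hunk also removes `$row['enable_sig'] &&` from the signature-parsing condition, so the first post seen for a poster would decide whether the signature shows on all of that poster's posts. Keep the cache condition as `$row['user_sig'] && $config['allow_sig'] && $user->optionget('viewsigs')` and leave the `enable_sig` test at the per-post rendering step. The surrounding `do` loop begins outside the hunk.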
@@ -868,14 +869,13 @@ do 'avatar' => '', 'profile' => "memberlist.$phpEx$SID&mode=viewprofile&u=$poster_id", - 'pm' => "ucp.$phpEx$SID&mode=message&action=send&u=$poster_id", + 'pm' => "ucp.$phpEx$SID&i=pm&action=send&u=$poster_id", 'www' => $row['user_website'], 'aim' => ($row['user_aim']) ? "memberlist.$phpEx$SID&mode=contact&action=aim&u=$poster_id" : '', 'msn' => ($row['user_msnm']) ? "memberlist.$phpEx$SID&mode=contact&action=msnm&u=$poster_id" : '', 'yim' => ($row['user_yim']) ? 'http://edit.yahoo.com/config/send_webmesg?.target=' . $row['user_yim'] . '&.src=pg' : '', 'jabber' => ($row['user_jabber']) ? "memberlist.$phpEx$SID&mode=contact&action=jabber&u=$poster_id" : '', 'search' => ($auth->acl_get('u_search')) ? "search.$phpEx$SID&search_author=" . urlencode($row['username']) .'&showresults=posts' : '' - ); if ($row['user_avatar'] && $user->optionget('viewavatars')) @@ -1086,7 +1086,7 @@ foreach ($rowset as $i => $row) } // End signature parsing, only if needed - if ($row['enable_sig'] && $user_cache[$poster_id]['sig'] && empty($user_cache[$poster_id]['sig_parsed'])) + if ($user_cache[$poster_id]['sig'] && empty($user_cache[$poster_id]['sig_parsed'])) { $user_cache[$poster_id]['sig'] = ($config['enable_smilies']) ? preg_replace('#