Some updates... username updates are now finished (no more changing here). Please review the changes to search.php (at the moment not active).

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@4066 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-06-07 20:08:53 +00:00 · 2003-05-29 14:23:48 +00:00 · 2003-05-29 14:23:48 +00:00 · efe6ed8753
commit efe6ed8753
parent 1e8b8e1601
5 changed files with 68 additions and 64 deletions
--- a/phpBB/develop/benchmark.php
+++ b/phpBB/develop/benchmark.php
@ -13,11 +13,11 @@ die("Please read the first lines of this script for instructions on how to enabl
 // Do not change anything below this line.
 //

-
+define('IN_PHPBB', true);
 $phpbb_root_path = "../";
 include($phpbb_root_path . 'extension.inc');
 include($phpbb_root_path . 'common.'.$phpEx);
-include($phpbb_root_path . 'includes/post.'.$phpEx);
+include($phpbb_root_path . 'includes/functions_post.'.$phpEx);
 include($phpbb_root_path . 'includes/bbcode.'.$phpEx);

 srand ((double) microtime() * 1000000);
@ -51,6 +51,9 @@ And a quote!
 [/quote]
 ';

+$users = intval($HTTP_GET_VARS['users']);
+$posts = intval($HTTP_GET_VARS['posts']);
+$size = intval($HTTP_GET_VARS['size']);

 // The script expects the ID's in the tables to sequential (1,2,3,4,5), 
 // so no holes please (1,4,5,8)...
@ -88,7 +91,9 @@ if ($posts > 0)

 $endtime = microtime();

-if ($submit="" || !isset($submit))
+$submit = (isset($HTTP_GET_VARS['submit'])) ? true : false;
+
+if (!$submit)
 {
    ?>
 Hello, welcome to this little phpBB Benchmarking script :)<p>
@ -219,10 +224,10 @@ function make_topic($user_id, $subject, $forum_id)
 	$topic_vote = 0;
 	$current_time = time();
 	
-	$sql  = "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote)
-			VALUES ('$subject', $user_id, $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)";
+	$sql = "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote) 
+		VALUES ('$subject', $user_id, $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)";

-	if( $result = $db->sql_query($sql, BEGIN_TRANSACTION) )
+	if( $result = $db->sql_query($sql) )
 	{
 		$new_topic_id = $db->sql_nextid();
 	}
@ -238,17 +243,14 @@ function make_topic($user_id, $subject, $forum_id)



-function create_posting($userid, $topic_id, $forum, $mode='newtopic')
+function create_posting($userid, $topic_id, $forum, $mode = 'newtopic')
 {
 	$message = generatepost();

 	return make_post($topic_id, $forum, $userid, "", $message, $mode);
-
 }

-
-
-function make_post($new_topic_id, $forum_id, $user_id, $post_username, $text, $mode='newtopic')
+function make_post($new_topic_id, $forum_id, $user_id, $post_username, $text, $mode = 'newtopic')
 {
 	global $db;
 	$current_time = time();
@ -261,64 +263,43 @@ function make_post($new_topic_id, $forum_id, $user_id, $post_username, $text, $m
 	
 	$post_subject = 'random subject';
 	
-	$post_message = prepare_message($text, $html_on, $bbcode_on, $smilies_on, $bbcode_uid);	
+	$post_message = prepare_message($text, $html_on, $bbcode_on, $smilies_on, $bbcode_uid);
 	
-	$sql = "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, bbcode_uid, enable_bbcode, enable_html, enable_smilies, enable_sig)
-		VALUES ($new_topic_id, $forum_id, $user_id, '$post_username', $current_time, '$user_ip', '$bbcode_uid', $bbcode_on, $html_on, $smilies_on, $attach_sig)";
+	$sql = "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) 
+		VALUES ($new_topic_id, $forum_id, $user_id, '$post_username', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $attach_sig)";
 	$result = $db->sql_query($sql);
 	
 	if($result)
 	{
 		$new_post_id = $db->sql_nextid();
 	
-		$sql = "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, post_text)
-			VALUES ($new_post_id, '$post_subject', '$post_message')";
+		$sql = "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text) 
+			VALUES ($new_post_id, '$post_subject', '$bbcode_uid', '$post_message')";
 	
 		if($db->sql_query($sql))
 		{
-			$sql = "UPDATE " . TOPICS_TABLE . "
-				SET topic_last_post_id = $new_post_id";
-			if($mode == "reply")
+			$post_data = array();
+			$post_data['first_post'] = false;
+			$post_data['last_post'] = true;
+
+			$sql = "SELECT SUM(post_id) as total FROM " . POSTS_TABLE . " WHERE topic_id = " . $new_topic_id;
+			$result = $db->sql_query($sql);
+			$row = $db->sql_fetchrow($result);
+			$total = intval($row['total']);
+
+			if ($total == 1)
 			{
-				$sql .= ", topic_replies = topic_replies + 1 ";
-			}
-			$sql .= " WHERE topic_id = $new_topic_id";
-	
-			if($db->sql_query($sql))
-			{
-				$sql = "UPDATE " . FORUMS_TABLE . "
-					SET forum_last_post_id = $new_post_id, forum_posts = forum_posts + 1";
-				if($mode == "newtopic")
-				{
-					$sql .= ", forum_topics = forum_topics + 1";
-				}
-				$sql .= " WHERE forum_id = $forum_id";
-	
-				if($db->sql_query($sql))
-				{
-					$sql = "UPDATE " . USERS_TABLE . "
-						SET user_posts = user_posts + 1
-						WHERE user_id = " . $user_id;
-	
-					if($db->sql_query($sql, END_TRANSACTION))
-					{
-						// SUCCESS.
-						return true;
-					}
-					else
-					{
-						message_die(GENERAL_ERROR, "Error updating users table", "", __LINE__, __FILE__, $sql);
-					}
-				}
-				else
-				{
-					message_die(GENERAL_ERROR, "Error updating forums table", "", __LINE__, __FILE__, $sql);
-				}
-			}
-			else
-			{
-				message_die(GENERAL_ERROR, "Error updating topics table", "", __LINE__, __FILE__, $sql);
+				$post_data['first_post'] = true;
 			}
+			
+			$sql = "SELECT forum_last_post_id
+				FROM " . FORUMS_TABLE . "
+				WHERE forum_id = $forum_id";
+			$result = $db->sql_query($sql);
+			$row = $db->sql_fetchrow($result);
+			$post_data['last_topic'] = ( $row['forum_last_post_id'] == $new_post_id ) ? true : false;
+
+			update_post_stats($mode, $post_data, $forum_id, $new_topic_id, $new_post_id, $user_id);
 		}
 		else
 		{
@ -336,11 +317,10 @@ function make_post($new_topic_id, $forum_id, $user_id, $post_username, $text, $m
 	{
 		message_die(GENERAL_ERROR, "Error inserting data into posts table", "", __LINE__, __FILE__, $sql);
 	}	
-
 }


-function generatepost($size=850)
+function generatepost($size = 850)
 {
   global $bigass_text;
   // Returns a string with a length between $size and $size*0.2
@ -460,4 +440,4 @@ function make_user($username)

 
  
-?>
+?>
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@ -114,6 +114,7 @@ p,ul,td {font-size:10pt;}
 <li>Delete user sessions after deactivating the username to prevent him navigating the forum (if logged in)</li>
 <li>Added mail header X-MimeOLE to the emailer class</li>
 <li>Prevent registration if user is logged in or user trying to register a second time</li>
+<li>Prevent usage of ALT-255 in Usernames</li>
 </ul>

 <a name="203"></a><h3 class="h3">1.ii. Changes since 2.0.3</h3>
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@ -81,7 +81,15 @@ function get_userdata($user, $force_str = false)
 {
 	global $db;

-	$user = ((intval($user) == 0) || ($force_str)) ? str_replace("\'", "''", htmlspecialchars(trim($user))) : intval($user);
+	if (intval($user) == 0 || $force_str)
+	{
+		$user = trim(htmlspecialchars($user));
+		$user = substr(str_replace("\'", "'", $user), 0, 25);
+	}
+	else
+	{
+		$user = intval($user);
+	}

 	$sql = "SELECT *
 		FROM " . USERS_TABLE . " 
--- a/phpBB/includes/functions_validate.php
+++ b/phpBB/includes/functions_validate.php
@ -102,8 +102,8 @@ function validate_username($username)
 	}
 	$db->sql_freeresult($result);

-	// Don't allow " in username.
-	if (strstr($username, '"') || strstr($username, '&quot;'))
+	// Don't allow " and ALT-255 in username.
+	if (strstr($username, '"') || strstr($username, '&quot;') || strstr($username, chr(160)))
 	{
 		return array('error' => true, 'error_msg' => $lang['Username_invalid']);
 	}
--- a/phpBB/search.php
+++ b/phpBB/search.php
@ -641,6 +641,21 @@ else if ( $search_keywords != '' || $search_author != '' || $search_id )
 		// so we can serialize it and place it in the DB
 		//
 		$store_search_data = array();
+
+		//
+		// Limit the character length (and with this the results displayed at all following pages) to prevent
+		// truncated result arrays. Normally, search results above 12000 are affected.
+		// - to include or not to include
+		/*
+		$max_result_length = 60000;
+		if (strlen($search_results) > $max_result_length)
+		{
+			$search_results = substr($search_results, 0, $max_result_length);
+			$search_results = substr($search_results, 0, strrpos($search_results, ','));
+			$total_match_count = count(explode(', ', $search_results));
+		}
+		*/
+
 		for($i = 0; $i < count($store_vars); $i++)
 		{
 			$store_search_data[$store_vars[$i]] = $$store_vars[$i];
@ -653,7 +668,7 @@ else if ( $search_keywords != '' || $search_author != '' || $search_id )
 		$search_id = mt_rand();

 		$sql = "UPDATE " . SEARCH_TABLE . " 
-			SET search_id = $search_id, search_array = '$result_array'
+			SET search_id = $search_id, search_array = '" . str_replace("\'", "''", $result_array) . "'
 			WHERE session_id = '" . $userdata['session_id'] . "'";
 		if ( !($result = $db->sql_query($sql)) || !$db->sql_affectedrows() )
 		{