makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-08 04:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

- finally correctly calculate current time for birthday calculation [Bug #6030]

Browse source 
- allow searching forums with unsearchable subforums [Bug #6056]
- addition of an optional HTTP_X_FORWARDED_FOR check in sessions, including bans
- do not index forums which have indexing disabled on index recreation [Bug #6060]
- properly handle html entities in the theme editor [Bug #6048]
- anonymous access is no longer required for the LDAP auth plugin [Bug #6046]
- corrected mcp_front queue link to point to approve_details [Bug #6134]
- added direct (dis)approval to mcp_front queue items [Bug #6134]
- proper mysql version test for fulltext-compatibility [Bug #6054]
- added note to style/language "used by" column so it's clear that bots are included
- correctly update bot last visit time [Bug #6108]


git-svn-id: file:///svn/phpbb/trunk@6740 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Nils Adermann 2006-12-10 17:44:45 +00:00
parent 7e47135792
commit f40e2aba22
30 changed files with 223 additions and 53 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
phpBB/adm/style/admin.css
View file

@ -321,6 +321,7 @@ th {
color: #FFA34F;
font-weight: bold;
background: #006699 url("../images/cellpic3.gif") 0 0 repeat-x;
white-space: nowrap;
}
td {

2
phpBB/adm/style/overall_header.html
View file

@ -93,7 +93,7 @@ function trace(link)
function find_username()
{
<!-- IF UA_FIND_USERNAME -->
window.open('{UA_FIND_USERNAME}', '_usersearch', 'height=500, resizable=yes, scrollbars=yes, width=740');
window.open('{UA_FIND_USERNAME}', '_usersearch', 'height=570, resizable=yes, scrollbars=yes, width=760');
<!-- ENDIF -->
return false;
}

2
phpBB/adm/style/simple_header.html
View file

@ -79,7 +79,7 @@ function marklist(id, name, state)
function find_username()
{
<!-- IF UA_FIND_USERNAME -->
window.open('{UA_FIND_USERNAME}', '_usersearch', 'height=500, resizable=yes, scrollbars=yes, width=740');
window.open('{UA_FIND_USERNAME}', '_usersearch', 'height=570, resizable=yes, scrollbars=yes, width=760');
<!-- ENDIF -->
return false;
}

1
phpBB/develop/create_schema_files.php
View file

@ -1488,6 +1488,7 @@ function get_schema_struct()
'session_time' => array('TIMESTAMP', 0),
'session_ip' => array('VCHAR:40', ''),
'session_browser' => array('VCHAR:150', ''),
'session_forwarded_for' => array('VCHAR:255', ''),
'session_page' => array('VCHAR_UNI', ''),
'session_viewonline' => array('BOOL', 1),
'session_autologin' => array('BOOL', 0),

37
phpBB/develop/ip_regex.php Normal file
View file

@ -0,0 +1,37 @@
<?php
$dec_octet = '(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])';
$h16 = '[\dA-F]{1,4}';
$ipv4 = "(?:$dec_octet\.){3}$dec_octet";
$ls32 = "(?:$h16:$h16|$ipv4)";
$ipv6_construct = array(
array(false, '', '{6}', $ls32),
array(false, '::', '{5}', $ls32),
array('', ':', '{4}', $ls32),
array('{1,2}', ':', '{3}', $ls32),
array('{1,3}', ':', '{2}', $ls32),
array('{1,4}', ':', '', $ls32),
array('{1,5}', ':', false, $ls32),
array('{1,6}', ':', false, $h16),
array('{1,7}', ':', false, '')
);
$ipv6 = '(?:';
foreach ($ipv6_construct as $ip_type)
{
$ipv6 .= '(?:';
if ($ip_type[0] !== false)
{
$ipv6 .= "(?:$h16:)" . $ip_type[0];
}
$ipv6 .= $ip_type[1];
if ($ip_type[2] !== false)
{
$ipv6 .= "(?:$h16:)" . $ip_type[2];
}
$ipv6 .= $ip_type[3] . ')|';
}
$ipv6 = substr($ipv6, 0, -1) . ')';
echo 'IPv4: ' . $ipv4 . "<br />\nIPv6: " . $ipv6;
?>

17
phpBB/includes/acp/acp_search.php
View file

@ -17,7 +17,7 @@ class acp_search
var $state;
var $search;
var $max_post_id;
var $batch_size = 4000;
var $batch_size = 5000;
function main($id, $mode)
{
@ -320,6 +320,16 @@ class acp_search
}
else
{
$sql = 'SELECT forum_id, enable_indexing
FROM ' . FORUMS_TABLE;
$result = $db->sql_query($sql, 3600);
while ($row = $db->sql_fetchrow($result))
{
$forums[$row['forum_id']] = (bool) $row['enable_indexing'];
}
$db->sql_freeresult($result);
$sql = 'SELECT post_id, post_subject, post_text, poster_id, forum_id
FROM ' . POSTS_TABLE . '
WHERE post_id >= ' . (int) ($post_counter + 1) . '
@ -328,7 +338,10 @@ class acp_search
while ($row = $db->sql_fetchrow($result))
{
$this->search->index('post', $row['post_id'], $row['post_text'], $row['post_subject'], $row['poster_id'], $row['forum_id']);
if ($forums[$row['forum_id']])
{
$this->search->index('post', $row['post_id'], $row['post_text'], $row['post_subject'], $row['poster_id'], $row['forum_id']);
}
}
$db->sql_freeresult($result);

6
phpBB/includes/acp/acp_styles.php
View file

@ -1121,7 +1121,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
$s_units = '<option value=""' . (($unit == '') ? ' selected="selected"' : '') . '>' . $user->lang['NO_UNIT'] . '</option>' . $s_units;
$template->assign_vars(array(
strtoupper($var) => $value,
strtoupper($var) => htmlspecialchars($value),
'S_' . strtoupper($var) . '_UNITS' => $s_units)
);
break;
@ -1162,7 +1162,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
default:
$template->assign_vars(array(
strtoupper($var) => $value)
strtoupper($var) => htmlspecialchars($value))
);
}
}
@ -1226,7 +1226,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
break;
default:
$value = request_var($var, '');
$value = htmlspecialchars_decode(request_var($var, ''));
}
// use the element mapping to create raw css code

26
phpBB/includes/auth/auth_ldap.php
View file

@ -34,6 +34,14 @@ function init_ldap()
@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
@ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
if ($config['ldap_user'] || $config['ldap_password'])
{
if (!@ldap_bind($ldap, ldap_escape(htmlspecialchars_decode($config['ldap_user'])), htmlspecialchars_decode($config['ldap_password'])))
{
return $user->lang['LDAP_INCORRECT_USER_PASSWORD'];
}
}
// ldap_connect only checks whether the specified server is valid, so the connection might still fail
$search = @ldap_search(
$ldap,
@ -95,6 +103,14 @@ function login_ldap(&$username, &$password)
@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
@ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
if ($config['ldap_user'] || $config['ldap_password'])
{
if (!@ldap_bind($ldap, $config['ldap_user'], htmlspecialchars_decode($config['ldap_password'])))
{
return $user->lang['LDAP_NO_SERVER_CONNECTION'];
}
}
$search = @ldap_search(
$ldap,
$config['ldap_base_dn'],
@ -221,6 +237,14 @@ function acp_ldap(&$new)
<dt><label for="ldap_server">' . $user->lang['LDAP_SERVER'] . ':</label><br /><span>' . $user->lang['LDAP_SERVER_EXPLAIN'] . '</span></dt>
<dd><input type="text" id="ldap_server" size="40" name="config[ldap_server]" value="' . $new['ldap_server'] . '" /></dd>
</dl>
<dl>
<dt><label for="ldap_user">' . $user->lang['LDAP_USER'] . ':</label><br /><span>' . $user->lang['LDAP_USER_EXPLAIN'] . '</span></dt>
<dd><input type="text" id="ldap_user" size="40" name="config[ldap_user]" value="' . $new['ldap_user'] . '" /></dd>
</dl>
<dl>
<dt><label for="ldap_password">' . $user->lang['LDAP_PASSWORD'] . ':</label><br /><span>' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '</span></dt>
<dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" /></dd>
</dl>
<dl>
<dt><label for="ldap_dn">' . $user->lang['LDAP_DN'] . ':</label><br /><span>' . $user->lang['LDAP_DN_EXPLAIN'] . '</span></dt>
<dd><input type="text" id="ldap_dn" size="40" name="config[ldap_base_dn]" value="' . $new['ldap_base_dn'] . '" /></dd>
@ -238,7 +262,7 @@ function acp_ldap(&$new)
// These are fields required in the config table
return array(
'tpl' => $tpl,
'config' => array('ldap_server', 'ldap_base_dn', 'ldap_uid', 'ldap_email')
'config' => array('ldap_server', 'ldap_user', 'ldap_password', 'ldap_base_dn', 'ldap_uid', 'ldap_email')
);
}

7
phpBB/includes/mcp/mcp_front.php
View file

@ -80,7 +80,7 @@ function mcp_front_view($id, $mode, $action)
}
$template->assign_block_vars('unapproved', array(
'U_POST_DETAILS' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&amp;mode=post_details&amp;f=' . $row['forum_id'] . '&amp;p=' . $row['post_id']),
'U_POST_DETAILS' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&amp;mode=approve_details&amp;f=' . $row['forum_id'] . '&amp;p=' . $row['post_id']),
'U_MCP_FORUM' => (!$global_topic) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&amp;mode=forum_view&amp;f=' . $row['forum_id']) : '',
'U_MCP_TOPIC' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&amp;mode=topic_view&amp;f=' . $row['forum_id'] . '&amp;t=' . $row['topic_id']),
'U_FORUM' => (!$global_topic) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : '',
@ -88,6 +88,7 @@ function mcp_front_view($id, $mode, $action)
'U_AUTHOR' => ($row['poster_id'] == ANONYMOUS) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['poster_id']),
'FORUM_NAME' => (!$global_topic) ? $forum_names[$row['forum_id']] : $user->lang['GLOBAL_ANNOUNCEMENT'],
'POST_ID' => $row['post_id'],
'TOPIC_TITLE' => $row['topic_title'],
'AUTHOR' => ($row['poster_id'] == ANONYMOUS) ? (($row['post_username']) ? $row['post_username'] : $user->lang['GUEST']) : $row['username'],
'SUBJECT' => ($row['post_subject']) ? $row['post_subject'] : $user->lang['NO_SUBJECT'],
@ -97,6 +98,10 @@ function mcp_front_view($id, $mode, $action)
$db->sql_freeresult($result);
}
$template->assign_vars(array(
'S_MCP_QUEUE_ACTION' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue"),
));
if ($total == 0)
{
$template->assign_vars(array(

11
phpBB/includes/search/fulltext_mysql.php
View file

@ -49,16 +49,7 @@ class fulltext_mysql extends search_backend
{
global $db, $user;
if (strpos($db->sql_layer, 'mysql') === false)
{
return $user->lang['FULLTEXT_MYSQL_INCOMPATIBLE_VERSION'];
}
$result = $db->sql_query('SELECT VERSION() AS mysql_version');
$version = $db->sql_fetchfield('mysql_version');
$db->sql_freeresult($result);
if (!preg_match('#^4|5|6#s', $version))
if ($db->sql_layer != 'mysql4' && $db->sql_layer != 'mysqli')
{
return $user->lang['FULLTEXT_MYSQL_INCOMPATIBLE_VERSION'];
}

85
phpBB/includes/session.php
View file

@ -18,9 +18,11 @@ class session
var $page = array();
var $data = array();
var $browser = '';
var $forwarded_for = '';
var $host = '';
var $session_id = '';
var $ip = '';
var $ips = array();
var $load = 0;
var $time_now = 0;
var $update_session_page = true;
@ -145,9 +147,40 @@ class session
$this->cookie_data = array('u' => 0, 'k' => '');
$this->update_session_page = $update_session_page;
$this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';
$this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
$this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) $_SERVER['HTTP_HOST'] : 'localhost';
$this->page = $this->extract_current_page($phpbb_root_path);
// if the forwarded for header shall be checked we have to validate its contents
if ($config['forwarded_for_check'])
{
$this->forwarded_for = preg_replace('#, +#', ', ', $this->forwarded_for);
// Whoa these look impressive!
// The code to generate the following two regular expressions which match valid IPv4/IPv6 addresses
// can be found in the develop directory
$ipv4 = '#^(?:(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])$#';
$ipv6 = '#^(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){5}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:))$#';
// split the list of IPs
$ips = explode(', ', $this->forwarded_for);
foreach ($ips as $ip)
{
// check IPv4 first, the IPv6 is hopefully only going to be used very seldomly
if (!preg_match("#^$ipv4$#", $this->forwarded_for) && !preg_match("#^$ipv6$#", $this->forwarded_for))
{
if (!defined('DEBUG_EXTRA'))
{
trigger_error('Hacking attempt!');
}
else
{
trigger_error('Invalid HTTP_X_FORWARDED_FOR header detected: ' . htmlspecialchars($this->forwarded_for));
}
}
}
}
// Add forum to the page for tracking online users - also adding a "x" to the end to properly identify the number
$this->page['page'] .= (isset($_REQUEST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . '_f_=' . (int) $_REQUEST['f'] . 'x' : '';
@ -216,7 +249,10 @@ class session
$s_browser = ($config['browser_check']) ? strtolower(substr($this->data['session_browser'], 0, 149)) : '';
$u_browser = ($config['browser_check']) ? strtolower(substr($this->browser, 0, 149)) : '';
if ($u_ip === $s_ip && $s_browser === $u_browser)
$s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['forwarded_for'], 0, 254) : '';
$u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : '';
if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for)
{
$session_expired = false;
@ -278,7 +314,7 @@ class session
// Added logging temporarly to help debug bugs...
if (defined('DEBUG_EXTRA'))
{
add_log('critical', 'LOG_IP_BROWSER_CHECK', $u_ip, $s_ip, $u_browser, $s_browser);
add_log('critical', 'LOG_IP_BROWSER_FORWARDED_CHECK', $u_ip, $s_ip, $u_browser, $s_browser, $u_forwarded, $s_forwarded);
}
}
}
@ -447,7 +483,16 @@ class session
// Is user banned? Are they excluded? Won't return on ban, exists within method
if ($this->data['user_type'] != USER_FOUNDER)
{
$this->check_ban($this->data['user_id'], $this->ip);
if (!$config['forwarded_for_check'])
{
$this->check_ban($this->data['user_id'], $this->ip);
}
else
{
$ips = explode(', ', $this->forwarded_for);
$ips[] = $this->ip;
$this->check_ban($this->data['user_id'], $ips);
}
}
$this->data['is_registered'] = (!$bot && $this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false;
@ -456,14 +501,17 @@ class session
// If our friend is a bot, we re-assign a previously assigned session
if ($this->data['is_bot'] && $bot == $this->data['user_id'] && $this->data['session_id'])
{
// Only assign the current session if the ip and browser match...
// Only assign the current session if the ip, browser and forwarded_for match...
$s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $config['ip_check']));
$u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check']));
$s_browser = ($config['browser_check']) ? strtolower(substr($this->data['session_browser'], 0, 149)) : '';
$u_browser = ($config['browser_check']) ? strtolower(substr($this->browser, 0, 149)) : '';
if ($u_ip === $s_ip && $s_browser === $u_browser)
$s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : '';
$u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : '';
if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for)
{
$this->session_id = $this->data['session_id'];
@ -512,6 +560,7 @@ class session
'session_last_visit' => (int) $this->data['session_last_visit'],
'session_time' => (int) $this->time_now,
'session_browser' => (string) $this->browser,
'session_forwarded_for' => (string) $this->forwarded_for,
'session_ip' => (string) $this->ip,
'session_autologin' => ($session_autologin) ? 1 : 0,
'session_admin' => ($set_admin) ? 1 : 0,
@ -580,6 +629,14 @@ class session
}
else
{
$this->data['session_time'] = $this->data['session_last_visit'] = $this->time_now;
// Update the last visit time
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_lastvisit = ' . (int) $this->data['session_time'] . '
WHERE user_id = ' . (int) $this->data['user_id'];
$db->sql_query($sql);
$SID = '?sid=';
$_SID = '';
}
@ -757,8 +814,10 @@ class session
* are passed to the method pre-existing session data is used. If $return is false
* this routine does not return on finding a banned user, it outputs a relevant
* message and stops execution.
*
* @param string|array $user_ips Can contain a string with one IP or an array of multiple IPs
*/
function check_ban($user_id = false, $user_ip = false, $user_email = false, $return = false)
function check_ban($user_id = false, $user_ips = false, $user_email = false, $return = false)
{
global $config, $db;
@ -774,14 +833,14 @@ class session
$sql .= " AND ban_email = ''";
}
if ($user_ip === false)
if ($user_ips === false)
{
$sql .= " AND (ban_ip = '' OR (ban_ip <> '' AND ban_exclude = 1))";
$sql .= " AND (ban_ip = '' OR ban_exclude = 1)";
}
if ($user_id === false)
{
$sql .= ' AND (ban_userid = 0 OR (ban_userid <> 0 AND ban_exclude = 1))';
$sql .= ' AND (ban_userid = 0 OR ban_exclude = 1)';
}
else
{
@ -792,7 +851,7 @@ class session
$sql .= " OR ban_email <> ''";
}
if ($user_ip !== false)
if ($user_ips !== false)
{
$sql .= " OR ban_ip <> ''";
}
@ -806,7 +865,7 @@ class session
while ($row = $db->sql_fetchrow($result))
{
if ((!empty($row['ban_userid']) && intval($row['ban_userid']) == $user_id) ||
(!empty($row['ban_ip']) && preg_match('#^' . str_replace('*', '.*?', $row['ban_ip']) . '$#i', $user_ip)) ||
(!empty($row['ban_ip']) && preg_match('#^' . str_replace('*', '.*?', $row['ban_ip']) . '$#i', $user_ips)) ||
(!empty($row['ban_email']) && preg_match('#^' . str_replace('*', '.*?', $row['ban_email']) . '$#i', $user_email)))
{
if (!empty($row['ban_exclude']))
@ -823,7 +882,7 @@ class session
{
$ban_triggered_by = 'user';
}
else if (!empty($row['ban_ip']) && preg_match('#^' . str_replace('*', '.*?', $row['ban_ip']) . '$#i', $user_ip))
else if (!empty($row['ban_ip']) && preg_match('#^' . str_replace('*', '.*?', $row['ban_ip']) . '$#i', $user_ips))
{
$ban_triggered_by = 'ip';
}
@ -1253,7 +1312,7 @@ class user extends session
// Is load exceeded?
if ($config['limit_load'] && $this->load !== false)
{
if ($this->load > floatval($config['limit_load']) && !defined('IN_LOGIN') && !$auth->acl_gets('a_', 'm_') && !$auth->acl_gets('a_', 'm_'))
if ($this->load > floatval($config['limit_load']) && !defined('IN_LOGIN') && !$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_'))
{
trigger_error('BOARD_UNAVAILABLE');
}

2
phpBB/includes/ucp/ucp_pm_viewmessage.php
View file

@ -468,7 +468,7 @@ function get_user_information($user_id, $user_row)
if (!empty($user_row['user_allow_viewemail']) || $auth->acl_get('a_email'))
{
$user_row['email'] = ($config['board_email_form'] && $config['email_enable']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=email&amp;u=$user_id") : (($config['board_hide_emails'] && !$auth->acl_get('a_email')) ? '' : 'mailto:' . $user_row['user_email']);
$user_row['email'] = ($config['board_email_form'] && $config['email_enable']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=email&amp;u=$user_id") : ((($config['board_hide_emails'] && !$auth->acl_get('a_email')) || empty($user_row['user_email'])) ? '' : 'mailto:' . $user_row['user_email']);
}
else
{

2
phpBB/index.php
View file

@ -61,7 +61,7 @@ $db->sql_freeresult($result);
$birthday_list = '';
if ($config['load_birthdays'])
{
$now = getdate(time() + $user->timezone + $user->dst - (date('H', time()) - gmdate('H', time())) * 3600);
$now = getdate(time() + $user->timezone + $user->dst - date('Z'));
$sql = 'SELECT user_id, username, user_colour, user_birthday
FROM ' . USERS_TABLE . "
WHERE user_birthday LIKE '" . $db->sql_escape(sprintf('%2d-%2d-', $now['mday'], $now['mon'])) . "%'

5
phpBB/install/database_update.php
View file

@ -314,7 +314,10 @@ $database_update_info = array(
// Add the following columns
'add_columns' => array(
CONFIRM_TABLE => array(
'seed' => array('UINT:10', 0),
'seed' => array('UINT:10', 0),
),
SESSIONS_TABLE => array(
'session_forwarded_for' => array('VCHAR:255', 0),
),
),
),

1
phpBB/install/schemas/firebird_schema.sql
View file

@ -961,6 +961,7 @@ CREATE TABLE phpbb_sessions (
session_time INTEGER DEFAULT 0 NOT NULL,
session_ip VARCHAR(40) CHARACTER SET NONE DEFAULT '' NOT NULL,
session_browser VARCHAR(150) CHARACTER SET NONE DEFAULT '' NOT NULL,
session_forwarded_for VARCHAR(255) CHARACTER SET NONE DEFAULT '' NOT NULL,
session_page VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
session_viewonline INTEGER DEFAULT 1 NOT NULL,
session_autologin INTEGER DEFAULT 0 NOT NULL,

1
phpBB/install/schemas/mssql_schema.sql
View file

@ -1141,6 +1141,7 @@ CREATE TABLE [phpbb_sessions] (
[session_time] [int] DEFAULT (0) NOT NULL ,
[session_ip] [varchar] (40) DEFAULT ('') NOT NULL ,
[session_browser] [varchar] (150) DEFAULT ('') NOT NULL ,
[session_forwarded_for] [varchar] (255) DEFAULT ('') NOT NULL ,
[session_page] [varchar] (255) DEFAULT ('') NOT NULL ,
[session_viewonline] [int] DEFAULT (1) NOT NULL ,
[session_autologin] [int] DEFAULT (0) NOT NULL ,

1
phpBB/install/schemas/mysql_40_schema.sql
View file

@ -662,6 +662,7 @@ CREATE TABLE phpbb_sessions (
session_time int(11) UNSIGNED DEFAULT '0' NOT NULL,
session_ip varchar(40) DEFAULT '' NOT NULL,
session_browser varchar(150) DEFAULT '' NOT NULL,
session_forwarded_for varchar(255) DEFAULT '' NOT NULL,
session_page text NOT NULL,
session_viewonline tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
session_autologin tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,

1
phpBB/install/schemas/mysql_41_schema.sql
View file

@ -662,6 +662,7 @@ CREATE TABLE phpbb_sessions (
session_time int(11) UNSIGNED DEFAULT '0' NOT NULL,
session_ip varchar(40) DEFAULT '' NOT NULL,
session_browser varchar(150) DEFAULT '' NOT NULL,
session_forwarded_for varchar(255) DEFAULT '' NOT NULL,
session_page varchar(255) DEFAULT '' NOT NULL,
session_viewonline tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
session_autologin tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,

1
phpBB/install/schemas/oracle_schema.sql
View file

@ -1280,6 +1280,7 @@ CREATE TABLE phpbb_sessions (
session_time number(11) DEFAULT '0' NOT NULL,
session_ip varchar2(40) DEFAULT '' ,
session_browser varchar2(150) DEFAULT '' ,
session_forwarded_for varchar2(255) DEFAULT '' ,
session_page varchar2(765) DEFAULT '' ,
session_viewonline number(1) DEFAULT '1' NOT NULL,
session_autologin number(1) DEFAULT '0' NOT NULL,

1
phpBB/install/schemas/postgres_schema.sql
View file

@ -876,6 +876,7 @@ CREATE TABLE phpbb_sessions (
session_time INT4 DEFAULT '0' NOT NULL CHECK (session_time >= 0),
session_ip varchar(40) DEFAULT '' NOT NULL,
session_browser varchar(150) DEFAULT '' NOT NULL,
session_forwarded_for varchar(255) DEFAULT '' NOT NULL,
session_page varchar(255) DEFAULT '' NOT NULL,
session_viewonline INT2 DEFAULT '1' NOT NULL CHECK (session_viewonline >= 0),
session_autologin INT2 DEFAULT '0' NOT NULL CHECK (session_autologin >= 0),

3
phpBB/install/schemas/schema_data.sql
View file

@ -86,6 +86,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_post_confir
INSERT INTO phpbb_config (config_name, config_value) VALUES ('flood_interval', '15');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('force_server_vars', '0');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('forward_pm', '1');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('forwarded_for_check', '0');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('full_folder_action', '2');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('fulltext_mysql_max_word_len', '254');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('fulltext_mysql_min_word_len', '4');
@ -114,8 +115,10 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('jab_resource', '')
INSERT INTO phpbb_config (config_name, config_value) VALUES ('jab_username', '');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_base_dn', '');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_email', '');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_password', '');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_server', '');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_uid', '');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_user', '');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('limit_load', '0');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('limit_search_load', '0');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_anon_lastread', '0');

1
phpBB/install/schemas/sqlite_schema.sql
View file

@ -640,6 +640,7 @@ CREATE TABLE phpbb_sessions (
session_time INTEGER UNSIGNED NOT NULL DEFAULT '0',
session_ip varchar(40) NOT NULL DEFAULT '',
session_browser varchar(150) NOT NULL DEFAULT '',
session_forwarded_for varchar(255) NOT NULL DEFAULT '',
session_page varchar(255) NOT NULL DEFAULT '',
session_viewonline INTEGER UNSIGNED NOT NULL DEFAULT '1',
session_autologin INTEGER UNSIGNED NOT NULL DEFAULT '0',

25
phpBB/language/en/acp/board.php
View file

@ -281,16 +281,21 @@ $lang = array_merge($lang, array(
'APACHE_SETUP_BEFORE_USE' => 'You have to setup apache authentication before you switch phpBB to this authentication method. Keep in mind that the username you use for apache authentication has to be the same as your phpBB username.',
'LDAP_DN' => 'LDAP base <var>dn</var>',
'LDAP_DN_EXPLAIN' => 'This is the Distinguished Name, locating the user information, e.g. <samp>o=My Company,c=US</samp>',
'LDAP_EMAIL' => 'LDAP email attribute',
'LDAP_EMAIL_EXPLAIN' => 'Set this to the name of your user entry email attribute (if one exists) in order to automatically set the email address for new users. Leaving this empty results in empty email address for users who log in for the first time.',
'LDAP_NO_EMAIL' => 'The specified email attribute does not exist.',
'LDAP_NO_IDENTITY' => 'Could not find a login identity for %s',
'LDAP_SERVER' => 'LDAP server name',
'LDAP_SERVER_EXPLAIN' => 'If using LDAP this is the name or IP address of the server.',
'LDAP_UID' => 'LDAP <var>uid</var>',
'LDAP_UID_EXPLAIN' => 'This is the key under which to search for a given login identity, e.g. <var>uid</var>, <var>sn</var>, etc.',
'LDAP_DN' => 'LDAP base <var>dn</var>',
'LDAP_DN_EXPLAIN' => 'This is the Distinguished Name, locating the user information, e.g. <samp>o=My Company,c=US</samp>',
'LDAP_EMAIL' => 'LDAP email attribute',
'LDAP_EMAIL_EXPLAIN' => 'Set this to the name of your user entry email attribute (if one exists) in order to automatically set the email address for new users. Leaving this empty results in empty email address for users who log in for the first time.',
'LDAP_INCORRECT_USER_PASSWORD' => 'Binding to LDAP server failed with specified user/password.',
'LDAP_NO_EMAIL' => 'The specified email attribute does not exist.',
'LDAP_NO_IDENTITY' => 'Could not find a login identity for %s',
'LDAP_PASSWORD' => 'LDAP password',
'LDAP_PASSWORD_EXPLAIN' => 'Leave blank to use anonymous access. Else fill in the password for the above user. <strong>WARNING:</strong> This password will be stored as plain text in the database visible to everybody who can access your database.',
'LDAP_SERVER' => 'LDAP server name',
'LDAP_SERVER_EXPLAIN' => 'If using LDAP this is the name or IP address of the server.',
'LDAP_UID' => 'LDAP <var>uid</var>',
'LDAP_UID_EXPLAIN' => 'This is the key under which to search for a given login identity, e.g. <var>uid</var>, <var>sn</var>, etc.',
'LDAP_USER' => 'LDAP user',
'LDAP_USER_EXPLAIN' => 'Leave blank to use anonymous access. If filled in phpBB will connect to the LDAP server as the specified user.',
));
// Server Settings

2
phpBB/language/en/acp/common.php
View file

@ -510,7 +510,7 @@ $lang = array_merge($lang, array(
'LOG_INSTALL_CONVERTED' => '<strong>Converted from %1$s to phpBB %2$s</strong>',
'LOG_INSTALL_INSTALLED' => '<strong>Installed phpBB %s</strong>',
'LOG_IP_BROWSER_CHECK' => '<strong>Session IP/browser check failed</strong><br />»User IP "<em>%1$s</em>" checked against session IP "<em>%2$s</em>" and user browser string "<em>%3$s</em>" checked against session browser string "<em>%4$s</em>".',
'LOG_IP_BROWSER_FORWARDED_CHECK' => '<strong>Session IP/browser/X_FORWARDED_FOR check failed</strong><br />»User IP "<em>%1$s</em>" checked against session IP "<em>%2$s</em>", user browser string "<em>%3$s</em>" checked against session browser string "<em>%4$s</em>" and user X_FORWARDED_FOR string "<em>%5$s</em>" checked against session X_FORWARDED_FOR string "<em>%6$s</em>".',
'LOG_JAB_CHANGED' => '<strong>Jabber account changed</strong>',
'LOG_JAB_PASSCHG' => '<strong>Jabber password changed</strong>',

2
phpBB/language/en/acp/language.php
View file

@ -58,7 +58,7 @@ $lang = array_merge($lang, array(
'LANGUAGE_PACK_LOCALNAME' => 'Local name',
'LANGUAGE_PACK_NAME' => 'Name',
'LANGUAGE_PACK_NOT_EXIST' => 'The selected language pack does not exist.',
'LANGUAGE_PACK_USED_BY' => 'Used by',
'LANGUAGE_PACK_USED_BY' => 'Used by (including robots)',
'LANGUAGE_VARIABLE' => 'Language Variable',
'LANG_AUTHOR' => 'Language Pack Author',
'LANG_ENGLISH_NAME' => 'English name',

2
phpBB/language/en/acp/styles.php
View file

@ -354,7 +354,7 @@ $lang = array_merge($lang, array(
'STYLE_NAME' => 'Style name',
'STYLE_TEMPLATE' => 'Template',
'STYLE_THEME' => 'Theme',
'STYLE_USED_BY' => 'Used by',
'STYLE_USED_BY' => 'Used by (including robots)',
'TEMPLATE_ADDED' => 'Template set added and stored on filesystem.',
'TEMPLATE_ADDED_DB' => 'Template set added and stored in database.',

2
phpBB/memberlist.php
View file

@ -1425,7 +1425,7 @@ function show_profile($data)
if ($bday_year)
{
$now = getdate(time() + $user->timezone + $user->dst - (date('H', time()) - gmdate('H', time())) * 3600);
$now = getdate(time() + $user->timezone + $user->dst - date('Z'));
$diff = $now['mon'] - $bday_month;
if ($diff == 0)

6
phpBB/search.php
View file

@ -960,6 +960,12 @@ while ($row = $db->sql_fetchrow($result))
$holding = '';
}
}
if ($holding)
{
$s_forums .= $holding;
}
$db->sql_freeresult($result);
unset($pad_store);

21
phpBB/styles/subSilver/template/mcp_front.html
View file

@ -1,9 +1,11 @@
<!-- INCLUDE mcp_header.html -->
<!-- IF S_SHOW_UNAPPROVED -->
<form name="mcp_queue" method="post" action="{S_MCP_QUEUE_ACTION}">
<table class="tablebg" width="100%" cellspacing="1">
<tr>
<td class="row3" colspan="5" align="center"><b class="gen">{L_LATEST_UNAPPROVED}</b></td>
<td class="row3" colspan="6" align="center"><b class="gen">{L_LATEST_UNAPPROVED}</b></td>
</tr>
<tr>
<th>&nbsp;{L_FORUM}&nbsp;</th>
@ -11,6 +13,7 @@
<th>&nbsp;{L_SUBJECT}&nbsp;</th>
<th>&nbsp;{L_AUTHOR}&nbsp;</th>
<th>&nbsp;{L_POST_TIME}&nbsp;</th>
<th width="5%">&nbsp;{L_SELECT}&nbsp;</th>
</tr>
<!-- BEGIN unapproved -->
<tr>
@ -19,17 +22,29 @@
<td class="row1" valign="top"><span class="gen">{unapproved.SUBJECT}</span><br /><span class="gensmall">[ <a href="{unapproved.U_POST_DETAILS}">{L_VIEW_DETAILS}</a> ]</span></td>
<td class="row2" align="center" width="15%" nowrap="nowrap" valign="top"><span class="gen"><!-- IF unapproved.U_AUTHOR --><a href="{unapproved.U_AUTHOR}">{unapproved.AUTHOR}</a><!-- ELSE -->{unapproved.AUTHOR}<!-- ENDIF --></span></td>
<td class="row1" align="center" width="15%" nowrap="nowrap" valign="top"><span class="gensmall">{unapproved.POST_TIME}</span></td>
<td class="row2" align="center"><input type="checkbox" class="radio" name="post_id_list[]" value="{unapproved.POST_ID}" /></td>
</tr>
<!-- BEGINELSE -->
<tr>
<td class="row1" colspan="5" align="center"><span class="gen">{L_UNAPPROVED_POSTS_ZERO_TOTAL}</span></td>
<td class="row1" colspan="6" align="center"><span class="gen">{L_UNAPPROVED_POSTS_ZERO_TOTAL}</span></td>
</tr>
<!-- END unapproved -->
<!-- IF S_HAS_UNAPPROVED_POSTS -->
<tr>
<td class="row3" colspan="5"><span class="gensmall">{L_UNAPPROVED_TOTAL}</span></td>
<td class="row3" colspan="6"><span class="gensmall">{L_UNAPPROVED_TOTAL}</span></td>
</tr>
<!-- ENDIF -->
<tr>
<td class="cat" colspan="6" align="center"><input class="btnmain" type="submit" name="action[approve]" value="{L_APPROVE}" />&nbsp;&nbsp;<input class="btnlite" type="submit" name="action[disapprove]" value="{L_DISAPPROVE}" /></td>
</tr>
</table>
</form>
<table width="100%" cellspacing="2" cellpadding="2" border="0" align="center">
<tr>
<td align="right" valign="top" nowrap="nowrap"><b class="gensmall"><a href="#" onclick="marklist('mcp_queue', '', true); return false;">{L_MARK_ALL}</a> :: <a href="#" onclick="marklist('mcp_queue', '', false); return false;">{L_UNMARK_ALL}</a></b></td>
</tr>
</table>
<br clear="all" /><br />

2
phpBB/viewtopic.php
View file

@ -880,7 +880,7 @@ $sql = $db->sql_build_query('SELECT', array(
$result = $db->sql_query($sql);
$now = getdate(time() + $user->timezone + $user->dst - (date('H', time()) - gmdate('H', time())) * 3600);
$now = getdate(time() + $user->timezone + $user->dst - date('Z'));
// Posts are stored in the $rowset array while $attach_list, $user_cache
// and the global bbcode_bitfield are built