authorPaul S. Owen <psotfx@users.sourceforge.net>2002-07-14 14:43:31 +0000
committerPaul S. Owen <psotfx@users.sourceforge.net>2002-07-14 14:43:31 +0000
commitd03de47b51173dac761e4fdf6e7004661a5565ac (patch)
tree1a066dd0a714ca000fe009a1a9a298a3cf264e79 /phpBB/includes
parentc4a926b4e201380a45e0c4ebe76fba49fa6b42f1 (diff)
Gone but not forgotten ... what's not forgotten? who said that? shut up Paul
git-svn-id: file:///svn/phpbb/trunk@2672 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/auth.php325
-rw-r--r--phpBB/includes/auth_session.php684
-rw-r--r--phpBB/includes/constants.php182
-rw-r--r--phpBB/includes/db.php66
-rw-r--r--phpBB/includes/functions_post.php907
-rw-r--r--phpBB/includes/functions_search.php498
-rw-r--r--phpBB/includes/functions_selects.php111
-rw-r--r--phpBB/includes/prune.php159
-rw-r--r--phpBB/includes/sessions.php403
-rw-r--r--phpBB/includes/sql_parse.php192
-rw-r--r--phpBB/includes/topic_review.php13
11 files changed, 5 insertions, 3535 deletions
diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php
deleted file mode 100644
index 91ef800b4f..0000000000
--- a/phpBB/includes/auth.php
+++ /dev/null
@@ -1,325 +0,0 @@
-<?php
-/***************************************************************************
- * auth.php
- * -------------------
- * begin : Saturday, Feb 13, 2001
- * copyright : (C) 2001 The phpBB Group
- * email : support@phpbb.com
- *
- * $Id$
- *
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- ***************************************************************************/
-
-/*
- $type's accepted (pre-pend with AUTH_):
- VIEW, READ, POST, REPLY, EDIT, DELETE, STICKY, ANNOUNCE, VOTE, POLLCREATE
-
- Possible options ($type/forum_id combinations):
-
- * If you include a type and forum_id then a specific lookup will be done and
- the single result returned
-
- * If you set type to AUTH_ALL and specify a forum_id an array of all auth types
- will be returned
-
- * If you provide a forum_id a specific lookup on that forum will be done
-
- * If you set forum_id to AUTH_LIST_ALL and specify a type an array listing the
- results for all forums will be returned
-
- * If you set forum_id to AUTH_LIST_ALL and type to AUTH_ALL a multidimensional
- array containing the auth permissions for all types and all forums for that
- user is returned
-
- All results are returned as associative arrays, even when a single auth type is
- specified.
-
- If available you can send an array (either one or two dimensional) containing the
- forum auth levels, this will prevent the auth function having to do its own
- lookup
-*/
-function auth($type, $forum_id, $userdata, $f_access = '')
-{
- global $db, $lang;
-
- switch( $type )
- {
- case AUTH_ALL:
- $a_sql = 'a.auth_view, a.auth_read, a.auth_post, a.auth_reply, a.auth_edit, a.auth_delete, a.auth_sticky, a.auth_announce, a.auth_vote, a.auth_pollcreate';
- $auth_fields = array('auth_view', 'auth_read', 'auth_post', 'auth_reply', 'auth_edit', 'auth_delete', 'auth_sticky', 'auth_announce', 'auth_vote', 'auth_pollcreate');
- break;
-
- case AUTH_VIEW:
- $a_sql = 'a.auth_view';
- $auth_fields = array('auth_view');
- break;
-
- case AUTH_READ:
- $a_sql = 'a.auth_read';
- $auth_fields = array('auth_read');
- break;
- case AUTH_POST:
- $a_sql = 'a.auth_post';
- $auth_fields = array('auth_post');
- break;
- case AUTH_REPLY:
- $a_sql = 'a.auth_reply';
- $auth_fields = array('auth_reply');
- break;
- case AUTH_EDIT:
- $a_sql = 'a.auth_edit';
- $auth_fields = array('auth_edit');
- break;
- case AUTH_DELETE:
- $a_sql = 'a.auth_delete';
- $auth_fields = array('auth_delete');
- break;
-
- case AUTH_ANNOUNCE:
- $a_sql = 'a.auth_announce';
- $auth_fields = array('auth_announce');
- break;
- case AUTH_STICKY:
- $a_sql = 'a.auth_sticky';
- $auth_fields = array('auth_sticky');
- break;
-
- case AUTH_POLLCREATE:
- $a_sql = 'a.auth_pollcreate';
- $auth_fields = array('auth_pollcreate');
- break;
- case AUTH_VOTE:
- $a_sql = 'a.auth_vote';
- $auth_fields = array('auth_vote');
- break;
- case AUTH_ATTACH:
- break;
-
- default:
- break;
- }
-
- //
- // If f_access has been passed, or auth is needed to return an array of forums
- // then we need to pull the auth information on the given forum (or all forums)
- //
- if ( empty($f_access) )
- {
- $forum_match_sql = ( $forum_id != AUTH_LIST_ALL ) ? "WHERE a.forum_id = $forum_id" : '';
-
- $sql = "SELECT a.forum_id, $a_sql
- FROM " . FORUMS_TABLE . " a
- $forum_match_sql";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Failed obtaining forum access control lists', '', __LINE__, __FILE__, $sql);
- }
-
- $sql_fetchrow = ( $forum_id != AUTH_LIST_ALL ) ? 'sql_fetchrow' : 'sql_fetchrowset';
-
- if ( !($f_access = $db->$sql_fetchrow($result)) )
- {
- message_die(GENERAL_ERROR, 'No forum access control lists exist', '', __LINE__, __FILE__, $sql);
- }
-
- $db->sql_freeresult($result);
- }
-
- //
- // If the user isn't logged on then all we need do is check if the forum
- // has the type set to ALL, if yes they are good to go, if not then they
- // are denied access
- //
- $u_access = array();
- if ( $userdata['session_logged_in'] )
- {
- $forum_match_sql = ( $forum_id != AUTH_LIST_ALL ) ? "AND a.forum_id = $forum_id" : '';
-
- $sql = "SELECT a.forum_id, $a_sql, a.auth_mod
- FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug
- WHERE ug.user_id = ".$userdata['user_id']. "
- AND ug.user_pending = 0
- AND a.group_id = ug.group_id
- $forum_match_sql";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Failed obtaining forum access control lists', '', __LINE__, __FILE__, $sql);
- }
-
- if ( $row = $db->sql_fetchrow($result) )
- {
- if ( $forum_id != AUTH_LIST_ALL)
- {
- $u_access[] = $row;
- }
- else
- {
- do
- {
- $u_access[$row['forum_id']][] = $row;
- }
- while( $row = $db->sql_fetchrow($result) );
- }
- }
- }
-
- $is_admin = ( $userdata['user_level'] == ADMIN && $userdata['session_logged_in'] ) ? TRUE : 0;
-
- $auth_user = array();
- for($i = 0; $i < count($auth_fields); $i++)
- {
- $key = $auth_fields[$i];
-
- //
- // If the user is logged on and the forum type is either ALL or REG then the user has access
- //
- // If the type if ACL, MOD or ADMIN then we need to see if the user has specific permissions
- // to do whatever it is they want to do ... to do this we pull relevant information for the
- // user (and any groups they belong to)
- //
- // Now we compare the users access level against the forums. We assume here that a moderator
- // and admin automatically have access to an ACL forum, similarly we assume admins meet an
- // auth requirement of MOD
- //
- if ( $forum_id != AUTH_LIST_ALL )
- {
- $value = $f_access[$key];
-
- switch( $value )
- {
- case AUTH_ALL:
- $auth_user[$key] = TRUE;
- $auth_user[$key . '_type'] = $lang['Auth_Anonymous_users'];
- break;
-
- case AUTH_REG:
- $auth_user[$key] = ( $userdata['session_logged_in'] ) ? TRUE : 0;
- $auth_user[$key . '_type'] = $lang['Auth_Registered_Users'];
- break;
-
- case AUTH_ACL:
- $auth_user[$key] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_ACL, $key, $u_access, $is_admin) : 0;
- $auth_user[$key . '_type'] = $lang['Auth_Users_granted_access'];
- break;
-
- case AUTH_MOD:
- $auth_user[$key] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin) : 0;
- $auth_user[$key . '_type'] = $lang['Auth_Moderators'];
- break;
-
- case AUTH_ADMIN:
- $auth_user[$key] = $is_admin;
- $auth_user[$key . '_type'] = $lang['Auth_Administrators'];
- break;
-
- default:
- $auth_user[$key] = 0;
- break;
- }
- }
- else
- {
- for($k = 0; $k < count($f_access); $k++)
- {
- $value = $f_access[$k][$key];
- $f_forum_id = $f_access[$k]['forum_id'];
-
- switch( $value )
- {
- case AUTH_ALL:
- $auth_user[$f_forum_id][$key] = TRUE;
- $auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Anonymous_users'];
- break;
-
- case AUTH_REG:
- $auth_user[$f_forum_id][$key] = ( $userdata['session_logged_in'] ) ? TRUE : 0;
- $auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Registered_Users'];
- break;
-
- case AUTH_ACL:
- $auth_user[$f_forum_id][$key] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_ACL, $key, $u_access[$f_forum_id], $is_admin) : 0;
- $auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Users_granted_access'];
- break;
-
- case AUTH_MOD:
- $auth_user[$f_forum_id][$key] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access[$f_forum_id], $is_admin) : 0;
- $auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Moderators'];
- break;
-
- case AUTH_ADMIN:
- $auth_user[$f_forum_id][$key] = $is_admin;
- $auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Administrators'];
- break;
-
- default:
- $auth_user[$f_forum_id][$key] = 0;
- break;
- }
- }
- }
- }
-
- //
- // Is user a moderator?
- //
- if ( $forum_id != AUTH_LIST_ALL )
- {
- $auth_user['auth_mod'] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin) : 0;
- }
- else
- {
- for($k = 0; $k < count($f_access); $k++)
- {
- $f_forum_id = $f_access[$k]['forum_id'];
-
- $auth_user[$f_forum_id]['auth_mod'] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access[$f_forum_id], $is_admin) : 0;
- }
- }
-
- return $auth_user;
-}
-
-function auth_check_user($type, $key, $u_access, $is_admin)
-{
- $auth_user = 0;
-
- if ( count($u_access) )
- {
- for($j = 0; $j < count($u_access); $j++)
- {
- $result = 0;
- switch($type)
- {
- case AUTH_ACL:
- $result = $u_access[$j][$key];
-
- case AUTH_MOD:
- $result = $result || $u_access[$j]['auth_mod'];
-
- case AUTH_ADMIN:
- $result = $result || $is_admin;
- break;
- }
-
- $auth_user = $auth_user || $result;
- }
- }
- else
- {
- $auth_user = $is_admin;
- }
-
- return $auth_user;
-}
-
-?>
\ No newline at end of file
diff --git a/phpBB/includes/auth_session.php b/phpBB/includes/auth_session.php
deleted file mode 100644
index dd1d000504..0000000000
--- a/phpBB/includes/auth_session.php
+++ /dev/null
@@ -1,684 +0,0 @@
-<?php
-/***************************************************************************
- * sessions.php
- * -------------------
- * begin : Saturday, Feb 13, 2001
- * copyright : (C) 2002 The phpBB Group
- * email : support@phpbb.com
- *
- * $Id$
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- ***************************************************************************/
-
-class session {
-
- var $userdata;
-
- function start($update = true)
- {
- global $SID, $db, $board_config, $user_ip;
- global $HTTP_SERVER_VARS, $HTTP_ENV_VARS, $HTTP_COOKIE_VARS, $HTTP_GET_VARS;
-
- $current_time = time();
- $session_browser = ( !empty($HTTP_SERVER_VARS['HTTP_USER_AGENT']) ) ? $HTTP_SERVER_VARS['HTTP_USER_AGENT'] : $HTTP_ENV_VARS['HTTP_USER_AGENT'];
- $this_page = ( !empty($HTTP_SERVER_VARS['PHP_SELF']) ) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_ENV_VARS['PHP_SELF'];
- $this_page .= '&' . ( ( !empty($HTTP_SERVER_VARS['QUERY_STRING']) ) ? $HTTP_SERVER_VARS['QUERY_STRING'] : $HTTP_ENV_VARS['QUERY_STRING'] );
-
- if ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) || isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data']) )
- {
- $sessiondata = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data']) ) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data'])) : '';
- $session_id = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) ) ? $HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid'] : '';
- $sessionmethod = SESSION_METHOD_COOKIE;
- }
- else
- {
- $session_data = '';
- $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
- $sessionmethod = SESSION_METHOD_GET;
- }
-
- //
- // Load limit check (if applicable)
- //
- if ( !empty($board_config['limit_load']) && file_exists('/proc/loadavg') )
- {
- if ( $load = file('/proc/loadavg') )
- {
- $load = explode(' ', $load[0]);
-
- if ( intval($load[0]) > $board_config['limit_load'] )
- {
- message_die(GENERAL_MESSAGE, 'Board_unavailable', 'Information');
- }
- }
- }
-
- if ( !empty($session_id) )
- {
- //
- // session_id exists so go ahead and attempt to grab all data in preparation
- //
- $sql = "SELECT u.*, s.*
- FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u
- WHERE s.session_id = '$session_id'
- AND u.user_id = s.session_user_id";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
- }
-
- $this->userdata = $db->sql_fetchrow($result);
-
- //
- // Did the session exist in the DB?
- //
- if ( isset($this->userdata['user_id']) )
- {
- //
- // Do not check IP assuming equivalence, if IPv4 we'll check only first 24
- // bits ... I've been told (by vHiker) this should alleviate problems with
- // load balanced et al proxies while retaining some reliance on IP security.
- //
- $ip_check_s = explode('.', $this->userdata['session_ip']);
- $ip_check_u = explode('.', $user_ip);
-
- if ( $ip_check_s[0].'.'.$ip_check_s[1].'.'.$ip_check_s[2] == $ip_check_u[0].'.'.$ip_check_u[1].'.'.$ip_check_u[2] )
- {
- $SID = '?sid=' . ( ( $sessionmethod == SESSION_METHOD_GET ) ? $session_id : '' );
-
- //
- // Only update session DB a minute or so after last update or if page changes
- //
- if ( ( $current_time - $this->userdata['session_time'] > 60 || $this->userdata['session_page'] != $this_page ) && $update )
- {
- $sql = "UPDATE " . SESSIONS_TABLE . "
- SET session_time = $current_time, session_page = '$this_page'
- WHERE session_id = '" . $this->userdata['session_id'] . "'";
- if ( !$db->sql_query($sql) )
- {
- message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql);
- }
-
- //
- // Garbage collection ... remove old sessions updating user information
- // if necessary
- //
- if ( $current_time - $board_config['session_gc'] > $board_config['session_last_gc'] )
- {
- $this->gc($current_time);
- }
-
- setcookie($board_config['cookie_name'] . '_data', serialize($sessiondata), $current_time + 31536000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
- setcookie($board_config['cookie_name'] . '_sid', $session_id, 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
- }
-
- $this->config();
-
- return $this->userdata;
- }
- }
- }
-
- //
- // If we reach here then no (valid) session exists. So we'll create a new one,
- // using the cookie user_id if available to pull basic user prefs.
- //
- $autologin = ( isset($sessiondata['autologinid']) ) ? $sessiondata['autologinid'] : '';
- $user_id = ( isset($sessiondata['userid']) ) ? $sessiondata['userid'] : ANONYMOUS;
-
- //
- // Limit connections (for MySQL) or 5 minute sessions (for other DB's)
- //
- switch ( DB_LAYER )
- {
- case 'mysql':
- case 'mysql4':
- $sql = "SELECT COUNT(*) AS sessions
- FROM " . SESSIONS_TABLE . "
- WHERE session_time >= " . ( $current_time - 3600 );
- break;
- default:
- $sql = "SELECT COUNT(*) AS sessions
- FROM " . SESSIONS_TABLE . "
- WHERE session_time >= " . ( $current_time - 3600 );
- break;
- }
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(CRITICAL_ERROR, 'Could not obtain connection information', '', __LINE__, __FILE__, $sql);
- }
-
- $row = $db->sql_fetchrow[$result];
-
- if ( intval($board_config['active_sessions']) && $row['sessions'] >= intval($board_config['active_sessions']) )
- {
- message_die(GENERAL_MESSAGE, 'Board_unavailable', 'Information');
- }
-
- $sql = "SELECT *
- FROM " . USERS_TABLE . "
- WHERE user_id = $user_id";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(CRITICAL_ERROR, 'Could not obtain lastvisit data from user table', '', __LINE__, __FILE__, $sql);
- }
-
- $this->userdata = $db->sql_fetchrow($result);
-
- //
- // Check autologin request, is it valid?
- //
- if ( $this->userdata['user_password'] != $autologin || !$this->userdata['user_active'] || $user_id == ANONYMOUS )
- {
- $autologin = '';
- $this->userdata['user_id'] = $user_id = ANONYMOUS;
- }
-
- $user_ip_parts = explode('.', $user_ip);
-
- $sql = "SELECT ban_ip, ban_userid, ban_email
- FROM " . BANLIST_TABLE . "
- WHERE ban_ip IN (
- '" . $user_ip_parts[0] . ".',
- '" . $user_ip_parts[0] . "." . $user_ip_parts[1] . ".',
- '" . $user_ip_parts[0] . "." . $user_ip_parts[1] . "." . $user_ip_parts[2] . ".',
- '" . $user_ip_parts[0] . "." . $user_ip_parts[1] . "." . $user_ip_parts[2] . "." . $user_ip_parts[3] . "')
- OR ban_userid = " . $this->userdata['user_id'];
- if ( $user_id != ANONYMOUS )
- {
- $sql .= " OR ban_email LIKE '" . str_replace('\\\'', '\\\'\\\'', $this->userdata['user_email']) . "'
- OR ban_email LIKE '" . substr(str_replace('\\\'', '\\\'\\\'', $this->userdata['user_email']), strpos(str_replace('\\\'', '\\\'\\\'', $this->userdata['user_email']), '@')) . "'";
- }
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(CRITICAL_ERROR, 'Could not obtain ban information', '', __LINE__, __FILE__, $sql);
- }
-
- if ( $ban_info = $db->sql_fetchrow($result) )
- {
- if ( $ban_info['ban_ip'] || $ban_info['ban_userid'] || $ban_info['ban_email'] )
- {
- message_die(CRITICAL_MESSAGE, 'You_been_banned');
- }
- }
-
- //
- // Create or update the session
- //
- $sql = "UPDATE " . SESSIONS_TABLE . "
- SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_browser = '$session_browser', session_page = '$this_page'
- WHERE session_id = '$session_id'";
- if ( !$db->sql_query($sql) || !$db->sql_affectedrows() )
- {
- $session_id = md5(uniqid($user_ip));
-
- $sql = "INSERT INTO " . SESSIONS_TABLE . "
- (session_id, session_user_id, session_start, session_time, session_ip, session_browser, session_page)
- VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', '$session_browser', '$this_page')";
- if ( !$db->sql_query($sql) )
- {
- message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql);
- }
- }
-
- $SID = '?sid=' . ( ( $sessionmethod == SESSION_METHOD_GET ) ? $session_id : '' );
-
- $sessiondata['autologinid'] = ( $autologin && $user_id != ANONYMOUS ) ? $autologin : '';
- $sessiondata['userid'] = $user_id;
-
- setcookie($board_config['cookie_name'] . '_data', serialize($sessiondata), $current_time + 31536000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
- setcookie($board_config['cookie_name'] . '_sid', $session_id, 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
-
- $this->userdata['session_id'] = $session_id;
-
- $this->config();
-
- return $this->userdata;
- }
-
- function destroy($userdata)
- {
- global $SID, $db, $board_config, $user_ip;
- global $HTTP_SERVER_VARS, $HTTP_ENV_VARS, $HTTP_COOKIE_VARS, $HTTP_GET_VARS;
-
- if ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) )
- {
- $session_id = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) ) ? $HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid'] : '';
- }
- else
- {
- $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
- }
-
- //
- // Delete existing session, update last visit info first!
- //
- $sql = "UPDATE " . USERS_TABLE . "
- SET user_lastvisit = " . $userdata['session_time'] . ", user_session_page = '" . $userdata['session_page'] . "'
- WHERE user_id = " . $userdata['user_id'];
- if ( !$db->sql_query($sql) )
- {
- message_die(CRITICAL_ERROR, 'Could not update user session info', '', __LINE__, __FILE__, $sql);
- }
-
- $sql = "DELETE FROM " . SESSIONS_TABLE . "
- WHERE session_id = '" . $userdata['session_id'] . "'
- AND session_user_id = " . $userdata['user_id'];
- if ( !$db->sql_query($sql) )
- {
- message_die(CRITICAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql);
- }
-
- $SID = '?sid=';
-
- setcookie($board_config['cookie_name'] . '_data', '', $current_time - 31536000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
- setcookie($board_config['cookie_name'] . '_sid', '', $current_time - 31536000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
-
- return true;
- }
-
- function gc($current_time)
- {
- global $db, $board_config, $user_ip;
-
- $sql = "SELECT *
- FROM " . SESSIONS_TABLE . "
- WHERE session_time < " . ( $current_time - $board_config['session_length'] );
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(CRITICAL_ERROR, 'Could not obtain expired session list', '', __LINE__, __FILE__, $sql);
- }
-
- $del_session_id = '';
- while ( $row = $db->sql_fetchrow($result) )
- {
- if ( $row['session_logged_in'] )
- {
- $sql = "UPDATE " . USERS_TABLE . "
- SET user_lastvisit = " . $row['session_time'] . ", user_session_page = '" . $row['session_page'] . "'
- WHERE user_id = " . $row['session_user_id'];
- if ( !$db->sql_query($sql) )
- {
- message_die(CRITICAL_ERROR, 'Could not update user session info', '', __LINE__, __FILE__, $sql);
- }
- }
-
- $del_session_id .= ( ( $del_session_id != '' ) ? ', ' : '' ) . '\'' . $row['session_id'] . '\'';
- }
-
- if ( $del_session_id != '' )
- {
- //
- // Delete expired sessions
- //
- $sql = "DELETE FROM " . SESSIONS_TABLE . "
- WHERE session_id IN ($del_session_id)";
- if ( !$db->sql_query($sql) )
- {
- message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql);
- }
- }
-
- $sql = "UPDATE " . CONFIG_TABLE . "
- SET config_value = '$current_time'
- WHERE config_name = 'session_last_gc'";
- if ( !$db->sql_query($sql) )
- {
- message_die(CRITICAL_ERROR, 'Could not update session gc time', '', __LINE__, __FILE__, $sql);
- }
-
- return;
- }
-
- function config()
- {
- global $db, $template, $lang, $board_config, $theme, $images;
- global $phpEx, $phpbb_root_path;
-
- if ( $this->userdata['user_id'] != ANONYMOUS )
- {
- if ( !empty($this->userdata['user_lang']))
- {
- $board_config['default_lang'] = $this->userdata['user_lang'];
- }
-
- if ( !empty($this->userdata['user_dateformat']) )
- {
- $board_config['default_dateformat'] = $this->userdata['user_dateformat'];
- }
-
- if ( isset($this->userdata['user_timezone']) )
- {
- $board_config['board_timezone'] = $this->userdata['user_timezone'];
- }
- }
-
- if ( !file_exists($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.'.$phpEx) )
- {
- $board_config['default_lang'] = 'english';
- }
-
- include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.' . $phpEx);
-
- if ( defined('IN_ADMIN') )
- {
- if( !file_exists($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_admin.'.$phpEx) )
- {
- $board_config['default_lang'] = 'english';
- }
-
- include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_admin.' . $phpEx);
- }
-
- //
- // Set up style
- //
- $style = ( !$board_config['override_user_style'] && $this->userdata['user_id'] != ANONYMOUS && $this->userdata['user_style'] > 0 )? $this->userdata['user_style'] : $board_config['default_style'];
-
- $sql = "SELECT s.style_name, s.template_name, c.css_data, c.css_extra_data
- FROM " . STYLES_TABLE . " s, " . STYLES_CSS_TABLE . " c
- WHERE s.style_id = $style
- AND c.theme_id = s.style_id";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(CRITICAL_ERROR, 'Could not query database for theme info');
- }
-
- if ( !($theme = $db->sql_fetchrow($result)) )
- {
- message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]");
- }
-
- //
- // Unserialize the extra data
- //
- $theme['css_extra_data'] = unserialize($theme['css_extra_data']);
-
- $template_path = 'templates/' ;
- $template_name = $theme['template_name'] ;
-
- $template = new Template($phpbb_root_path . $template_path . $template_name);
-
- if ( $template )
- {
- $current_template_path = $template_path . $template_name;
- @include($phpbb_root_path . $template_path . $template_name . '/' . $template_name . '.cfg');
-
- if ( !defined('TEMPLATE_CONFIG') )
- {
- message_die(CRITICAL_ERROR, "Could not open $template_name template config file", '', __LINE__, __FILE__);
- }
-
- $img_lang = ( file_exists($current_template_path . '/images/lang_' . $board_config['default_lang']) ) ? $board_config['default_lang'] : 'english';
-
- while ( list($key, $value) = @each($images) )
- {
- if ( !is_array($value) )
- {
- $images[$key] = str_replace('{LANG}', 'lang_' . $img_lang, $value);
- }
- }
- }
-
- return;
- }
-}
-
-//
-// Note this doesn't use the prefetch at present and is very
-// incomplete ... purely for testing ... will be keeping my
-// eye of 'other products' to ensure these things don't
-// mysteriously appear elsewhere, think up your own solutions!
-//
-class auth {
-
- var $acl;
-
- function auth($userdata)
- {
- global $db;
-
- $sql = "SELECT ag.forum_id, ag.auth_allow_deny, ao.auth_option
- FROM " . USER_GROUP_TABLE . " ug, " . ACL_GROUPS_TABLE . " ag, " . ACL_OPTIONS_TABLE . " ao
- WHERE ug.user_id = " . $userdata['user_id'] . "
- AND ag.group_id = ug.group_id
- AND ao.auth_option_id = ag.auth_option_id";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Failed obtaining forum access control lists', '', __LINE__, __FILE__, $sql);
- }
-
- if ( $row = $db->sql_fetchrow($result) )
- {
- do
- {
- list($option_main, $option_type) = explode('_', $row['auth_option']);
- $this->acl[$row['forum_id']][$option_main][$option_type] = $row['auth_allow_deny'];
- }
- while ( $row = $db->sql_fetchrow($result) );
- }
- $db->sql_freeresult($result);
-
- $sql = "SELECT au.forum_id, au.auth_allow_deny, ao.auth_option
- FROM " . ACL_USERS_TABLE . " au, " . ACL_OPTIONS_TABLE . " ao
- WHERE au.user_id = " . $userdata['user_id'] . "
- AND ao.auth_option_id = au.auth_option_id";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Failed obtaining forum access control lists', '', __LINE__, __FILE__, $sql);
- }
-
- if ( $row = $db->sql_fetchrow($result) )
- {
- do
- {
- list($option_main, $option_type) = explode('_', $row['auth_option']);
- $this->acl[$row['forum_id']][$option_main][$option_type] = ( isset($this->acl[$row['forum_id']][$option_main][$option_type]) ) ? $this->acl[$row['forum_id']][$option_main][$option_type] && $row['auth_allow_deny'] : $row['auth_allow_deny'];
- }
- while ( $row = $db->sql_fetchrow($result) );
- }
- $db->sql_freeresult($result);
-
- return;
- }
-
- function get_acl($forum_id = false, $auth_main = false, $auth_type = false)
- {
- if ( !$forum_id )
- {
- if ( !$auth_type && is_array($this->acl) )
- {
- @reset($this->acl);
- while ( list(, $value1) = @each($this->acl) )
- {
- while ( list(, $value2) = @each($value1) )
- {
- while ( list(, $value3) = @each($value2) )
- {
- if ( $value3 )
- {
- return true;
- }
- }
- }
- }
- return false;
- }
- else if ( !$auth_main && is_array($this->acl) )
- {
- @reset($this->acl);
- while ( list(, $value1) = each($this->acl) )
- {
- while ( list(, $value2) = each($value1) )
- {
- if ( $value2[$auth_type] )
- {
- return true;
- }
- }
- }
- return false;
- }
- else
- {
- return $this->acl;
- }
- }
- else if ( $auth_main && $auth_type )
- {
- return $this->acl[$forum_id][$auth_main][$auth_type];
- }
- else if ( !$auth_type && is_array($this->acl[$forum_id][$auth_main]) )
- {
- @reset($this->acl);
- while ( list(, $value) = @each($this->acl[$forum_id][$auth_main]) )
- {
- if ( $value )
- {
- return true;
- }
- }
- return false;
- }
- else if ( !$auth_main && is_array($this->acl[$forum_id]) )
- {
- @reset($this->acl);
- while ( list(, $value) = each($this->acl[$forum_id]) )
- {
- if ( $value[$auth_type] )
- {
- return true;
- }
- }
- return false;
- }
- else
- {
- return $this->acl[$forum_id];
- }
- }
-
- function set_acl($ug_data, $forum_id = false, $auth_list = false, $dependencies = false)
- {
- global $db;
-
- $dependencies = array_merge($dependencies, array(
- 'admin' => 'mod',
- 'mod' => 'forum')
- );
- }
-}
-
-//
-// Centralised login? May stay, may not ... depends if needed
-//
-function login($username, $password, $autologin = false)
-{
- global $SID, $db, $board_config, $lang, $user_ip;
- global $HTTP_SERVER_VARS, $HTTP_ENV_VARS;
-
- $this_page = ( !empty($HTTP_SERVER_VARS['PHP_SELF']) ) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_ENV_VARS['PHP_SELF'];
- $this_page .= '&' . ( ( !empty($HTTP_SERVER_VARS['QUERY_STRING']) ) ? $HTTP_SERVER_VARS['QUERY_STRING'] : $HTTP_ENV_VARS['QUERY_STRING'] );
-
- $result = false;
-
- $sql = "SELECT user_id, username, user_password, user_email, user_active, user_level
- FROM " . USERS_TABLE . "
- WHERE username = '" . str_replace("\'", "''", $username) . "'";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
- }
-
- if ( $row = $db->sql_fetchrow($result) )
- {
- if ( $row['user_level'] != ADMIN && $board_config['board_disable'] )
- {
-// header($header_location . "index.$phpEx$SID");
-// exit;
- }
-
- if ( $board_config['ldap_enable'] && extension_loaded('ldap') )
- {
- if ( !($ldap_id = @ldap_connect($board_config['ldap_hostname'])) )
- {
- //
- // FINISH
- //
- @ldap_unbind($ldap_id);
- }
- }
- else
- {
- if ( md5($password) == $row['user_password'] && $row['user_active'] )
- {
- $autologin = ( isset($autologin) ) ? md5($password) : '';
-
- $user_ip_parts = explode('.', $user_ip);
-
- $sql = "SELECT ban_ip, ban_userid, ban_email
- FROM " . BANLIST_TABLE . "
- WHERE ban_ip IN (
- '" . $user_ip_parts[0] . ".',
- '" . $user_ip_parts[0] . "." . $user_ip_parts[1] . ".',
- '" . $user_ip_parts[0] . "." . $user_ip_parts[1] . "." . $user_ip_parts[2] . ".',
- '" . $user_ip_parts[0] . "." . $user_ip_parts[1] . "." . $user_ip_parts[2] . "." . $user_ip_parts[3] . "')
- OR ban_userid = " . $row['user_id'];
- if ( $user_id != ANONYMOUS )
- {
- $sql .= " OR ban_email LIKE '" . str_replace('\\\'', '\\\'\\\'', $row['user_email']) . "'
- OR ban_email LIKE '" . substr(str_replace('\\\'', '\\\'\\\'', $row['user_email']), strpos(str_replace('\\\'', '\\\'\\\'', $row['user_email']), '@')) . "'";
- }
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(CRITICAL_ERROR, 'Could not obtain ban information', '', __LINE__, __FILE__, $sql);
- }
-
- if ( $ban_info = $db->sql_fetchrow($result) )
- {
- if ( $ban_info['ban_ip'] || $ban_info['ban_userid'] || $ban_info['ban_email'] )
- {
- message_die(CRITICAL_MESSAGE, 'You_been_banned');
- }
- }
-
- $session_browser = ( !empty($HTTP_SERVER_VARS['HTTP_USER_AGENT']) ) ? $HTTP_SERVER_VARS['HTTP_USER_AGENT'] : $HTTP_ENV_VARS['HTTP_USER_AGENT'];
-
- $current_time = time();
-
- //
- // Update the session
- //
- $sql = "UPDATE " . SESSIONS_TABLE . "
- SET session_user_id = " . $row['user_id'] . ", session_start = $current_time, session_time = $current_time, session_browser = '$session_browser', session_page = '$this_page'
- WHERE session_id = '" . $userdata['session_id'] . "'";
- if ( !$db->sql_query($sql) )
- {
- message_die(GENERAL_ERROR, 'Could not update session post-login', '', __LINE__, __FILE__, $sql);
- }
-
- $sessiondata['autologinid'] = ( $autologin && $user_id != ANONYMOUS ) ? $autologin : '';
- $sessiondata['userid'] = $row['user_id'];
-
- setcookie($board_config['cookie_name'] . '_data', serialize($sessiondata), $current_time + 31536000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
- setcookie($board_config['cookie_name'] . '_sid', $userdata['session_id'], 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
-
- $result = true;
- }
- }
- }
-
- return $result;
-
-}
-
-?>
\ No newline at end of file
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
deleted file mode 100644
index d23f25151e..0000000000
--- a/phpBB/includes/constants.php
+++ /dev/null
@@ -1,182 +0,0 @@
-<?php
-/***************************************************************************
- * constants.php
- * -------------------
- * begin : Saturday', Feb 13', 2001
- * copyright : ('C) 2001 The phpBB Group
- * email : support@phpbb.com
- *
- * $Id$
- *
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License', or
- * ('at your option) any later version.
- *
- ***************************************************************************/
-
-if ( !defined('IN_PHPBB') )
-{
- die("Hacking attempt");
-}
-
-// Debug Level
-//define('DEBUG', 1); // Debugging on
-define('DEBUG', 0); // Debugging off
-
-
-// User Levels <- Do not change the values of USER or ADMIN
-define('DELETED', -1);
-define('ANONYMOUS', -1);
-
-define('USER', 0);
-define('ADMIN', 1);
-define('MOD', 2);
-
-
-// User related
-define('USER_ACTIVATION_NONE', 0);
-define('USER_ACTIVATION_SELF', 1);
-define('USER_ACTIVATION_ADMIN', 2);
-
-define('USER_AVATAR_NONE', 0);
-define('USER_AVATAR_UPLOAD', 1);
-define('USER_AVATAR_REMOTE', 2);
-define('USER_AVATAR_GALLERY', 3);
-
-
-// Group settings
-define('GROUP_OPEN', 0);
-define('GROUP_CLOSED', 1);
-define('GROUP_HIDDEN', 2);
-
-
-// Forum state
-define('FORUM_UNLOCKED', 0);
-define('FORUM_LOCKED', 1);
-
-
-// Topic status
-define('TOPIC_UNLOCKED', 0);
-define('TOPIC_LOCKED', 1);
-define('TOPIC_MOVED', 2);
-define('TOPIC_WATCH_NOTIFIED', 1);
-define('TOPIC_WATCH_UN_NOTIFIED', 0);
-
-
-// Topic types
-define('POST_NORMAL', 0);
-define('POST_STICKY', 1);
-define('POST_ANNOUNCE', 2);
-define('POST_GLOBAL_ANNOUNCE', 3);
-
-
-// SQL codes
-define('BEGIN_TRANSACTION', 1);
-define('END_TRANSACTION', 2);
-
-
-// Error codes
-define('GENERAL_MESSAGE', 200);
-define('GENERAL_ERROR', 202);
-define('CRITICAL_MESSAGE', 203);
-define('CRITICAL_ERROR', 204);
-
-
-// Private messaging
-define('PRIVMSGS_READ_MAIL', 0);
-define('PRIVMSGS_NEW_MAIL', 1);
-define('PRIVMSGS_SENT_MAIL', 2);
-define('PRIVMSGS_SAVED_IN_MAIL', 3);
-define('PRIVMSGS_SAVED_OUT_MAIL', 4);
-define('PRIVMSGS_UNREAD_MAIL', 5);
-
-
-// URL PARAMETERS
-define('POST_TOPIC_URL', 't');
-define('POST_CAT_URL', 'c');
-define('POST_FORUM_URL', 'f');
-define('POST_USERS_URL', 'u');
-define('POST_POST_URL', 'p');
-define('POST_GROUPS_URL', 'g');
-
-// Session parameters
-define('SESSION_METHOD_COOKIE', 100);
-define('SESSION_METHOD_GET', 101);
-
-
-// Page numbers for session handling
-define('PAGE_INDEX', 0);
-define('PAGE_LOGIN', -1);
-define('PAGE_SEARCH', -2);
-define('PAGE_REGISTER', -3);
-define('PAGE_PROFILE', -4);
-define('PAGE_VIEWONLINE', -6);
-define('PAGE_VIEWMEMBERS', -7);
-define('PAGE_FAQ', -8);
-define('PAGE_POSTING', -9);
-define('PAGE_PRIVMSGS', -10);
-define('PAGE_GROUPCP', -11);
-define('PAGE_TOPIC_OFFSET', 5000);
-
-
-// Auth settings
-define('AUTH_LIST_ALL', 0);
-define('AUTH_ALL', 0);
-
-define('AUTH_REG', 1);
-define('AUTH_ACL', 2);
-define('AUTH_MOD', 3);
-define('AUTH_ADMIN', 5);
-
-define('AUTH_VIEW', 1);
-define('AUTH_READ', 2);
-define('AUTH_POST', 3);
-define('AUTH_REPLY', 4);
-define('AUTH_EDIT', 5);
-define('AUTH_DELETE', 6);
-define('AUTH_ANNOUNCE', 7);
-define('AUTH_STICKY', 8);
-define('AUTH_POLLCREATE', 9);
-define('AUTH_VOTE', 10);
-define('AUTH_ATTACH', 11);
-
-
-// Table names
-define('AUTH_ACCESS_TABLE', $table_prefix.'auth_access');
-define('BANLIST_TABLE', $table_prefix.'banlist');
-define('CATEGORIES_TABLE', $table_prefix.'categories');
-define('CONFIG_TABLE', $table_prefix.'config');
-define('DISALLOW_TABLE', $table_prefix.'disallow');
-define('FORUMS_TABLE', $table_prefix.'forums');
-define('FORUMS_WATCH_TABLE', $table_prefix.'forums_watch');
-define('GROUPS_TABLE', $table_prefix.'groups');
-define('POSTS_TABLE', $table_prefix.'posts');
-define('POSTS_TEXT_TABLE', $table_prefix.'posts_text');
-define('PRIVMSGS_TABLE', $table_prefix.'privmsgs');
-define('PRIVMSGS_TEXT_TABLE', $table_prefix.'privmsgs_text');
-define('PRIVMSGS_IGNORE_TABLE', $table_prefix.'privmsgs_ignore');
-define('PRUNE_TABLE', $table_prefix.'forum_prune');
-define('RANKS_TABLE', $table_prefix.'ranks');
-define('SEARCH_TABLE', $table_prefix.'search_results');
-define('SEARCH_WORD_TABLE', $table_prefix.'search_wordlist');
-define('SEARCH_MATCH_TABLE', $table_prefix.'search_wordmatch');
-define('SESSIONS_TABLE', $table_prefix.'sessions');
-define('SMILIES_TABLE', $table_prefix.'smilies');
-define('THEMES_TABLE', $table_prefix.'themes');
-define('THEMES_NAME_TABLE', $table_prefix.'themes_name');
-define('TOPICS_TABLE', $table_prefix.'topics');
-define('TOPICS_WATCH_TABLE', $table_prefix.'topics_watch');
-define('USER_GROUP_TABLE', $table_prefix.'user_group');
-define('USERS_TABLE', $table_prefix.'users');
-define('WORDS_TABLE', $table_prefix.'words');
-define('VOTE_DESC_TABLE', $table_prefix.'vote_desc');
-define('VOTE_RESULTS_TABLE', $table_prefix.'vote_results');
-define('VOTE_USERS_TABLE', $table_prefix.'vote_voters');
-
-?>
\ No newline at end of file
diff --git a/phpBB/includes/db.php b/phpBB/includes/db.php
deleted file mode 100644
index 73ca94fc38..0000000000
--- a/phpBB/includes/db.php
+++ /dev/null
@@ -1,66 +0,0 @@
-<?php
-/***************************************************************************
- * db.php
- * -------------------
- * begin : Saturday, Feb 13, 2001
- * copyright : (C) 2001 The phpBB Group
- * email : support@phpbb.com
- *
- * $Id$
- *
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- ***************************************************************************/
-
-if ( !defined('IN_PHPBB') )
-{
- die("Hacking attempt");
-}
-
-switch($dbms)
-{
- case 'mysql':
- include($phpbb_root_path . 'db/mysql.'.$phpEx);
- break;
-
- case 'mysql4':
- include($phpbb_root_path . 'db/mysql4.'.$phpEx);
- break;
-
- case 'postgres':
- include($phpbb_root_path . 'db/postgres7.'.$phpEx);
- break;
-
- case 'mssql':
- include($phpbb_root_path . 'db/mssql.'.$phpEx);
- break;
-
- case 'oracle':
- include($phpbb_root_path . 'db/oracle.'.$phpEx);
- break;
-
- case 'msaccess':
- include($phpbb_root_path . 'db/msaccess.'.$phpEx);
- break;
-
- case 'mssql-odbc':
- include($phpbb_root_path . 'db/mssql-odbc.'.$phpEx);
- break;
-}
-
-// Make the database connection.
-$db = new sql_db($dbhost, $dbuser, $dbpasswd, $dbname, false);
-if(!$db->db_connect_id)
-{
- message_die(CRITICAL_ERROR, "Could not connect to the database");
-}
-
-?>
\ No newline at end of file
diff --git a/phpBB/includes/functions_post.php b/phpBB/includes/functions_post.php
deleted file mode 100644
index 0e9f4db454..0000000000
--- a/phpBB/includes/functions_post.php
+++ /dev/null
@@ -1,907 +0,0 @@
-<?php
-/***************************************************************************
- * functions_post.php
- * -------------------
- * begin : Saturday, Feb 13, 2001
- * copyright : (C) 2001 The phpBB Group
- * email : support@phpbb.com
- *
- * $Id$
- *
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- ***************************************************************************/
-
-if ( !defined('IN_PHPBB') )
-{
- die('Hacking attempt');
-}
-
-$html_entities_match = array('#&#', '#<#', '#>#');
-$html_entities_replace = array('&amp;', '&lt;', '&gt;');
-
-$unhtml_specialchars_match = array('#&gt;#', '#&lt;#', '#&quot;#', '#&amp;#');
-$unhtml_specialchars_replace = array('>', '<', '"', '&');
-
-//
-// This function will prepare a posted message for
-// entry into the database.
-//
-function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0)
-{
- global $board_config;
- global $html_entities_match, $html_entities_replace;
- global $code_entities_match, $code_entities_replace;
-
- //
- // Clean up the message
- //
- $message = trim($message);
-
- if ( $html_on )
- {
- $allowed_html_tags = split(',', $board_config['allow_html_tags']);
-
- $end_html = 0;
- $start_html = 1;
- $tmp_message = '';
- $message = ' ' . $message . ' ';
-
- while ( $start_html = strpos($message, '<', $start_html) )
- {
- $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ( $start_html - $end_html - 1 )));
-
- if ( $end_html = strpos($message, '>', $start_html) )
- {
- $length = $end_html - $start_html + 1;
- $hold_string = substr($message, $start_html, $length);
-
- if ( ( $unclosed_open = strrpos(' ' . $hold_string, '<') ) != 1 )
- {
- $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1));
- $hold_string = substr($hold_string, $unclosed_open - 1);
- }
-
- $tagallowed = false;
- for($i = 0; $i < sizeof($allowed_html_tags); $i++)
- {
- $match_tag = trim($allowed_html_tags[$i]);
-
- if ( preg_match('/^<\/?' . $match_tag . '\b/i', $hold_string) )
- {
- $tagallowed = true;
- }
- }
-
- $tmp_message .= ( $length && !$tagallowed ) ? preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string;
-
- $start_html += $length;
- }
- else
- {
- $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $start_html, strlen($message)));
-
- $start_html = strlen($message);
- $end_html = $start_html;
- }
- }
-
- if ( $end_html != strlen($message) && $tmp_message != '' )
- {
- $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1));
- }
-
- $message = ( $tmp_message != '' ) ? trim($tmp_message) : trim($message);
- }
- else
- {
- $message = preg_replace($html_entities_match, $html_entities_replace, $message);
- }
-
- if( $bbcode_on && $bbcode_uid != '' )
- {
- $tmp_message = $message;
- if ( ($match_count = preg_match_all('#^(.*?)\[code\](.*?)\[\/code\](.*?)$#is', $tmp_message, $match)) )
- {
- $code_entities_match = array('#<#', '#>#', '#"#', '#:#', '#\[#', '#\]#', '#\(#', '#\)#', '#\{#', '#\}#');
- $code_entities_replace = array('&lt;', '&gt;', '&quot;', '&#58;', '&#91;', '&#93;', '&#40;', '&#41;', '&#123;', '&#125;');
-
- $message = '';
-
- for($i = 0; $i < $match_count; $i++)
- {
- $message .= $match[1][$i] . '[code]' . preg_replace($code_entities_match, $code_entities_replace, $match[2][$i]) . '[/code]';
- $tmp_message = $match[3][$i];
- }
-
- $message .= $tmp_message;
- }
-
- $message = bbencode_first_pass($message, $bbcode_uid);
- }
-
- return $message;
-}
-
-function unprepare_message($message)
-{
- global $unhtml_specialchars_match, $unhtml_specialchars_replace;
-
- return preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, $message);
-}
-
-//
-// Prepare a message for posting
-//
-function prepare_post(&$mode, &$post_data, &$bbcode_on, &$html_on, &$smilies_on, &$error_msg, &$username, &$bbcode_uid, &$subject, &$message, &$poll_title, &$poll_options, &$poll_length)
-{
- global $board_config, $userdata, $lang, $phpEx, $phpbb_root_path;
-
- // Check username
- if ( !empty($username) )
- {
- $username = htmlspecialchars(trim(strip_tags($username)));
-
- if ( !$userdata['session_logged_in'] || ( $userdata['session_logged_in'] && $username != $userdata['username'] ) )
- {
- include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
-
- $result = validate_username($username);
- if ( $result['error'] )
- {
- $error_msg .= ( !empty($error_msg) ) ? '<br />' . $result['error_msg'] : $result['error_msg'];
- }
- }
- }
-
- // Check subject
- if ( !empty($subject) )
- {
- $subject = htmlspecialchars(trim($subject));
- }
- else if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) )
- {
- $error_msg .= ( !empty($error_msg) ) ? '<br />' . $lang['Empty_subject'] : $lang['Empty_subject'];
- }
-
- // Check message
- if ( !empty($message) )
- {
- $bbcode_uid = ( $bbcode_on ) ? make_bbcode_uid() : '';
- $message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid);
- }
- else if ( $mode != 'delete' && $mode != 'polldelete' )
- {
- $error_msg .= ( !empty($error_msg) ) ? '<br />' . $lang['Empty_message'] : $lang['Empty_message'];
- }
-
- //
- // Handle poll stuff
- //
- if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) )
- {
- $poll_length = ( isset($poll_length) ) ? max(0, intval($poll_length)) : 0;
-
- if ( !empty($poll_title) )
- {
- $poll_title = htmlspecialchars(trim($poll_title));
- }
-
- if( !empty($poll_options) )
- {
- $temp_option_text = array();
- while( list($option_id, $option_text) = @each($poll_options) )
- {
- $option_text = trim($option_text);
- if ( !empty($option_text) )
- {
- $temp_option_text[$option_id] = htmlspecialchars($option_text);
- }
- }
- $option_text = $temp_option_text;
-
- if ( count($poll_options) < 2 )
- {
- $error_msg .= ( !empty($error_msg) ) ? '<br />' . $lang['To_few_poll_options'] : $lang['To_few_poll_options'];
- }
- else if ( count($poll_options) > $board_config['max_poll_options'] )
- {
- $error_msg .= ( !empty($error_msg) ) ? '<br />' . $lang['To_many_poll_options'] : $lang['To_many_poll_options'];
- }
- else if ( $poll_title == '' )
- {
- $error_msg .= ( !empty($error_msg) ) ? '<br />' . $lang['Empty_poll_title'] : $lang['Empty_poll_title'];
- }
- }
- }
-
- return;
-}
-
-//
-// Post a new topic/reply/poll or edit existing post/poll
-//
-function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_id, &$post_id, &$poll_id, &$topic_type, &$bbcode_on, &$html_on, &$smilies_on, &$attach_sig, &$bbcode_uid, &$post_username, &$post_subject, &$post_message, &$poll_title, &$poll_options, &$poll_length)
-{
- global $board_config, $lang, $db, $phpbb_root_path, $phpEx;
- global $userdata, $user_ip;
-
- include($phpbb_root_path . 'includes/functions_search.'.$phpEx);
-
- $current_time = time();
-
- if ( $mode == 'newtopic' || $mode == 'reply' )
- {
- //
- // Flood control
- //
- $where_sql = ( $userdata['user_id'] == ANONYMOUS ) ? "poster_ip = '$user_ip'" : 'poster_id = ' . $userdata['user_id'];
- $sql = "SELECT MAX(post_time) AS last_post_time
- FROM " . POSTS_TABLE . "
- WHERE $where_sql";
- if ( $result = $db->sql_query($sql) )
- {
- if( $row = $db->sql_fetchrow($result) )
- {
- if ( $row['last_post_time'] > 0 && ( $current_time - $row['last_post_time'] ) < $board_config['flood_interval'] )
- {
- message_die(GENERAL_MESSAGE, $lang['Flood_Error']);
- }
- }
- }
- }
- else if ( $mode == 'editpost' )
- {
- remove_search_post($post_id);
- }
-
- if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) )
- {
- $topic_vote = ( !empty($poll_title) && count($poll_options) >= 2 ) ? 1 : 0;
- $sql = ( $mode != "editpost" ) ? "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote) VALUES ('$post_subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)" : "UPDATE " . TOPICS_TABLE . " SET topic_title = '$post_subject', topic_type = $topic_type, topic_vote = $topic_vote WHERE topic_id = $topic_id";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
- }
-
- if( $mode == 'newtopic' )
- {
- $topic_id = $db->sql_nextid();
- }
- }
-
- $edited_sql = ( $mode == 'editpost' && !$post_data['last_post'] && $post_data['poster_post'] ) ? ", post_edit_time = $current_time, post_edit_count = post_edit_count + 1 " : "";
- $sql = ( $mode != "editpost" ) ? "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ($topic_id, $forum_id, " . $userdata['user_id'] . ", '$post_username', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $attach_sig)" : "UPDATE " . POSTS_TABLE . " SET enable_bbcode = $bbcode_on, enable_html = $html_on, enable_smilies = $smilies_on, enable_sig = $attach_sig" . $edited_sql . " WHERE post_id = $post_id";
- if ( !($result = $db->sql_query($sql, BEGIN_TRANSACTION)) )
- {
- message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
- }
-
- if( $mode != 'editpost' )
- {
- $post_id = $db->sql_nextid();
- }
-
- $sql = ( $mode != 'editpost' ) ? "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text) VALUES ($post_id, '$post_subject', '$bbcode_uid', '$post_message')" : "UPDATE " . POSTS_TEXT_TABLE . " SET post_text = '$post_message', bbcode_uid = '$bbcode_uid', post_subject = '$post_subject' WHERE post_id = $post_id";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
- }
-
- add_search_words($post_id, stripslashes($post_message), stripslashes($post_subject));
-
- //
- // Add poll
- //
- if ( ( $mode == 'newtopic' || $mode == 'editpost' ) && !empty($poll_title) && count($poll_options) >= 2 )
- {
- $sql = ( !$post_data['has_poll'] ) ? "INSERT INTO " . VOTE_DESC_TABLE . " (topic_id, vote_text, vote_start, vote_length) VALUES ($topic_id, '$poll_title', $current_time, " . ( $poll_length * 86400 ) . ")" : "UPDATE " . VOTE_DESC_TABLE . " SET vote_text = '$poll_title', vote_length = " . ( $poll_length * 86400 ) . " WHERE topic_id = $topic_id";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
- }
-
- $delete_option_sql = '';
- $old_poll_result = array();
- if ( $mode == 'editpost' && $post_data['has_poll'] )
- {
- $sql = "SELECT vote_option_id, vote_result
- FROM " . VOTE_RESULTS_TABLE . "
- WHERE vote_id = $poll_id
- ORDER BY vote_option_id ASC";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Could not obtain vote data results for this topic', '', __LINE__, __FILE__, $sql);
- }
-
- while ( $row = $db->sql_fetchrow($result) )
- {
- $old_poll_result[$row['vote_option_id']] = $row['vote_result'];
-
- if( !isset($poll_options[$row['vote_option_id']]) )
- {
- $delete_option_sql .= ( $delete_option_sql != '' ) ? ', ' . $row['vote_option_id'] : $row['vote_option_id'];
- }
- }
- }
- else
- {
- $poll_id = $db->sql_nextid();
- }
-
- @reset($poll_options);
-
- $poll_option_id = 1;
- while ( list($option_id, $option_text) = each($poll_options) )
- {
- if( !empty($option_text) )
- {
- $option_text = str_replace("\'", "''", $option_text);
- $poll_result = ( $mode == "editpost" && isset($old_poll_result[$option_id]) ) ? $old_poll_result[$option_id] : 0;
-
- $sql = ( $mode != "editpost" || !isset($old_poll_result[$option_id]) ) ? "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result) VALUES ($poll_id, $poll_option_id, '$option_text', $poll_result)" : "UPDATE " . VOTE_RESULTS_TABLE . " SET vote_option_text = '$option_text', vote_result = $poll_result WHERE vote_option_id = $option_id AND vote_id = $poll_id";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
- }
- $poll_option_id++;
- }
- }
-
- if( $delete_option_sql != '' )
- {
- $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . "
- WHERE vote_option_id IN ($delete_option_sql)";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Error deleting pruned poll options', '', __LINE__, __FILE__, $sql);
- }
- }
- }
-
- $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=" . $post_id) . '#' . $post_id . '">';
- $message = $lang['Stored'] . '<br /><br />' . sprintf($lang['Click_view_message'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=" . $post_id) . '#' . $post_id . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">', '</a>');
-
- return false;
-}
-
-//
-// Update post stats and details
-//
-function update_post_stats(&$mode, &$post_data, &$forum_id, &$topic_id, &$post_id, &$user_id)
-{
- global $db;
-
- $sign = ( $mode == 'delete' ) ? '- 1' : '+ 1';
- $forum_update_sql = "forum_posts = forum_posts $sign";
- $topic_update_sql = '';
-
- if ( $mode == 'delete' )
- {
- if ( $post_data['last_post'] )
- {
- if ( $post_data['first_post'] )
- {
- $forum_update_sql .= ', forum_topics = forum_topics - 1';
- }
- else
- {
-
- $topic_update_sql .= "topic_replies = topic_replies - 1";
-
- $sql = "SELECT MAX(post_id) AS post_id
- FROM " . POSTS_TABLE . "
- WHERE topic_id = $topic_id";
- if ( !($db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
- }
-
- if ( $row = $db->sql_fetchrow($result) )
- {
- $topic_update_sql .= ', topic_last_post_id = ' . $row['post_id'];
- }
- }
-
- if ( $post_data['last_topic'] )
- {
- $sql = "SELECT MAX(post_id) AS post_id
- FROM " . POSTS_TABLE . "
- WHERE forum_id = $forum_id";
- if ( !($db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
- }
-
- if ( $row = $db->sql_fetchrow($result) )
- {
- $forum_update_sql .= ( $row['post_id'] ) ? ', forum_last_post_id = ' . $row['post_id'] : ', forum_last_post_id = 0';
- }
- }
- }
- else if ( $post_data['first_post'] )
- {
- $sql = "SELECT MIN(post_id) AS post_id
- FROM " . POSTS_TABLE . "
- WHERE topic_id = $topic_id";
- if ( !($db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
- }
-
- if ( $row = $db->sql_fetchrow($result) )
- {
- $topic_update_sql .= 'topic_replies = topic_replies - 1, topic_first_post_id = ' . $row['post_id'];
- }
- }
- else
- {
- $topic_update_sql .= 'topic_replies = topic_replies - 1';
- }
- }
- else if ( $mode != 'poll_delete' )
- {
- $forum_update_sql .= ", forum_last_post_id = $post_id" . ( ( $mode == 'newtopic' ) ? ", forum_topics = forum_topics $sign" : "" );
- $topic_update_sql = "topic_last_post_id = $post_id" . ( ( $mode == 'reply' ) ? ", topic_replies = topic_replies $sign" : ", topic_first_post_id = $post_id" );
- }
- else
- {
- $topic_update_sql .= 'topic_vote = 0';
- }
-
- $sql = "UPDATE " . FORUMS_TABLE . " SET
- $forum_update_sql
- WHERE forum_id = $forum_id";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
- }
-
- if ( $topic_update_sql != '' )
- {
- $sql = "UPDATE " . TOPICS_TABLE . " SET
- $topic_update_sql
- WHERE topic_id = $topic_id";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
- }
- }
-
- if ( $mode != 'poll_delete' )
- {
- $sql = "UPDATE " . USERS_TABLE . "
- SET user_posts = user_posts $sign
- WHERE user_id = $user_id";
- if ( !($result = $db->sql_query($sql, END_TRANSACTION)) )
- {
- message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
- }
- }
-
- return;
-}
-
-//
-// Delete a post/poll
-//
-function delete_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_id, &$post_id, &$poll_id)
-{
- global $board_config, $lang, $db, $phpbb_root_path, $phpEx;
- global $userdata, $user_ip;
-
- include($phpbb_root_path . 'includes/functions_search.'.$phpEx);
-
- $topic_update_sql = '';
- if ( $mode != 'poll_delete' )
- {
- $sql = "DELETE FROM " . POSTS_TABLE . "
- WHERE post_id = $post_id";
- if ( !($db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
- }
-
- $sql = "DELETE FROM " . POSTS_TEXT_TABLE . "
- WHERE post_id = $post_id";
- if ( !($db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
- }
-
- $sql = "DELETE FROM " . SEARCH_MATCH_TABLE . "
- WHERE post_id = $post_id";
- if ( !($db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
- }
-
- $forum_update_sql = 'forum_posts = forum_posts - 1';
- $topic_update_sql .= 'topic_replies = topic_replies - 1';
- if ( $post_data['last_post'] )
- {
- if ( $post_data['first_post'] )
- {
- $sql = "DELETE FROM " . TOPICS_TABLE . "
- WHERE topic_id = $topic_id
- OR topic_moved_id = $topic_id";
- if ( !($db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
- }
-
- $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
- WHERE topic_id = $topic_id";
- if ( !($db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
- }
- }
- }
- }
-
- if( $mode == 'poll_delete' || ( $mode == 'delete' && $post_data['first_post'] && $post_data['last_post'] ) && $post_data['has_poll'] && $post_data['edit_poll'] )
- {
- $sql = "DELETE FROM " . VOTE_DESC_TABLE . "
- WHERE vote_id = $poll_id";
- if ( !($db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql);
- }
-
- $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . "
- WHERE vote_id = $poll_id";
- if ( !($db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql);
- }
-
- $sql = "DELETE FROM " . VOTE_USERS_TABLE . "
- WHERE vote_id = $poll_id";
- if ( !($db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql);
- }
- }
-
- remove_search_post($post_id);
-
- if ( $mode == 'delete' && $post_data['first_post'] && $post_data['last_post'] )
- {
- $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=" . $forum_id) . '">';
- $message = $lang['Deleted'];
- }
- else
- {
- $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=" . $topic_id) . '">';
- $message = ( ( $mode == "poll_delete" ) ? $lang['Poll_delete'] : $lang['Deleted'] ) . '<br /><br />' . sprintf($lang['Click_return_topic'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id") . '">', '</a>');
- }
-
- $message .= '<br /><br />' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">', '</a>');
-
- return;
-}
-
-//
-// Handle user notification on new post
-//
-function user_notification($mode, &$post_data, &$forum_id, &$topic_id, &$post_id, &$notify_user)
-{
- global $board_config, $lang, $db, $phpbb_root_path, $phpEx;
- global $userdata, $user_ip;
-
- $current_time = time();
-
- if ( $mode == 'delete' )
- {
- $delete_sql = ( !$post_data['first_post'] && !$post_data['last_post'] ) ? " AND user_id = " . $userdata['user_id'] : "";
- $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id" . $delete_sql;
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Could not change topic notify data', '', __LINE__, __FILE__, $sql);
- }
- }
- else
- {
- if ( $mode == 'reply' || $mode == 'newtopic' )
- {
- $sql = "SELECT ban_userid
- FROM " . BANLIST_TABLE;
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Could not obtain banlist', '', __LINE__, __FILE__, $sql);
- }
-
- $user_id_sql = '';
- while ( $row = $db->sql_fetchrow($result) )
- {
- if ( isset($row['ban_userid']) )
- {
- $user_id_sql = ', ' . $row['ban_userid'];
- }
- }
-
- $sql = "SELECT u.user_id, u.username, u.user_email, u.user_lang, f.forum_name
- FROM " . FORUMS_WATCH_TABLE . " w, " . FORUMS_TABLE . " f, " . USERS_TABLE . " u
- WHERE w.forum_id = $forum_id
- AND w.user_id NOT IN (" . $userdata['user_id'] . ", " . ANONYMOUS . $user_id_sql . " )
- AND w.notify_status = " . TOPIC_WATCH_UN_NOTIFIED . "
- AND f.forum_id = w.forum_id
- AND u.user_id = w.user_id";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Could not obtain list of forum watchers', '', __LINE__, __FILE__, $sql);
- }
-
- $orig_word = array();
- $replacement_word = array();
- obtain_word_list($orig_word, $replacement_word);
-
- include($phpbb_root_path . 'includes/emailer.'.$phpEx);
- $emailer = new emailer($board_config['smtp_delivery']);
-
- $script_name = preg_replace('/^\/?(.*?)\/?$/', '\1', trim($board_config['script_path']));
- $script_name_f = ( $script_name != '' ) ? $script_name . '/viewforum.'.$phpEx : 'viewforum.'.$phpEx;
- $server_name = trim($board_config['server_name']);
- $server_protocol = ( $board_config['cookie_secure'] ) ? 'https://' : 'http://';
- $server_port = ( $board_config['server_port'] <> 80 ) ? ':' . trim($board_config['server_port']) . '/' : '/';
-
- $email_headers = "From: " . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\r\n";
-
- $update_watched_sql = '';
- if ( $row = $db->sql_fetchrow($result) )
- {
- $forum_name = unprepare_message($row['forum_name']);
-
- do
- {
- if ( $row['user_email'] != '' )
- {
- $emailer->use_template('forum_notify', $row['user_lang']);
- $emailer->email_address($row['user_email']);
- $emailer->set_subject();//$lang['Topic_reply_notification']
- $emailer->extra_headers($email_headers);
-
- $emailer->assign_vars(array(
- 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
- 'USERNAME' => $row['username'],
- 'SITENAME' => $board_config['sitename'],
- 'FORUM_NAME' => $forum_name,
-
- 'U_FORUM' => $server_protocol . $server_name . $server_port . $script_name_f . '?' . POST_FORUM_URL . "=$forum_id",
- 'U_STOP_WATCHING_FORUM' => $server_protocol . $server_name . $server_port . $script_name_f . '?' . POST_FORUM_URL . "=$forum_id&unwatch=forum")
- );
-
- $emailer->send();
- $emailer->reset();
-
- $update_watched_sql .= ( $update_watched_sql != '' ) ? ', ' . $row['user_id'] : $row['user_id'];
- }
- }
- while ( $row = $db->sql_fetchrow($result) );
- }
-
- if ( $update_watched_sql != '' )
- {
- $sql = "UPDATE " . FORUMS_WATCH_TABLE . "
- SET notify_status = " . TOPIC_WATCH_NOTIFIED . "
- WHERE forum_id = $forum_id
- AND user_id IN ($update_watched_sql)";
- $db->sql_query($sql);
- }
-
- if ( $mode == 'reply' )
- {
- $sql = "SELECT u.user_id, u.username, u.user_email, u.user_lang, t.topic_title
- FROM " . TOPICS_WATCH_TABLE . " tw, " . TOPICS_TABLE . " t, " . USERS_TABLE . " u
- WHERE tw.topic_id = $topic_id
- AND tw.user_id NOT IN (" . $userdata['user_id'] . ", " . ANONYMOUS . $user_id_sql . " )
- AND tw.notify_status = " . TOPIC_WATCH_UN_NOTIFIED . "
- AND t.topic_id = tw.topic_id
- AND u.user_id = tw.user_id";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Could not obtain list of topic watchers', '', __LINE__, __FILE__, $sql);
- }
-
- $script_name_t = ( $script_name != '' ) ? $script_name . '/viewtopic.'.$phpEx : 'viewtopic.'.$phpEx;
- $email_headers = "From: " . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\r\n";
-
- $update_watched_sql = '';
- if ( $row = $db->sql_fetchrow($result) )
- {
- $topic_title = preg_replace($orig_word, $replacement_word, unprepare_message($row['topic_title']));
-
- do
- {
- if ( $row['user_email'] != '' )
- {
- $emailer->use_template('topic_notify', $row['user_lang']);
- $emailer->email_address($row['user_email']);
- $emailer->set_subject();//$lang['Topic_reply_notification']
- $emailer->extra_headers($email_headers);
-
- $emailer->assign_vars(array(
- 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
- 'USERNAME' => $row['username'],
- 'SITENAME' => $board_config['sitename'],
- 'TOPIC_TITLE' => $topic_title,
-
- 'U_TOPIC' => $server_protocol . $server_name . $server_port . $script_name_t . '?' . POST_POST_URL . "=$post_id#$post_id",
- 'U_STOP_WATCHING_TOPIC' => $server_protocol . $server_name . $server_port . $script_name_t . '?' . POST_TOPIC_URL . "=$topic_id&unwatch=topic")
- );
-
- $emailer->send();
- $emailer->reset();
-
- $update_watched_sql .= ( $update_watched_sql != '' ) ? ', ' . $row['user_id'] : $row['user_id'];
- }
- }
- while ( $row = $db->sql_fetchrow($result) );
- }
-
- if ( $update_watched_sql != '' )
- {
- $sql = "UPDATE " . TOPICS_WATCH_TABLE . "
- SET notify_status = " . TOPIC_WATCH_NOTIFIED . "
- WHERE topic_id = $topic_id
- AND user_id IN ($update_watched_sql)";
- $db->sql_query($sql);
- }
- }
-
- }
-
- $sql = "SELECT topic_id
- FROM " . TOPICS_WATCH_TABLE . "
- WHERE topic_id = $topic_id
- AND user_id = " . $userdata['user_id'];
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Could not obtain topic watch information', '', __LINE__, __FILE__, $sql);
- }
-
- $row = $db->sql_fetchrow($result);
-
- if ( !$notify_user && !empty($row['topic_id']) )
- {
- $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
- WHERE topic_id = $topic_id
- AND user_id = " . $userdata['user_id'];
- if ( !$result = $db->sql_query($sql) )
- {
- message_die(GENERAL_ERROR, 'Could not delete topic watch information', '', __LINE__, __FILE__, $sql);
- }
- }
- else if ( $notify_user && empty($row['topic_id']) )
- {
- $sql = "INSERT INTO " . TOPICS_WATCH_TABLE . " (user_id, topic_id, notify_status)
- VALUES (" . $userdata['user_id'] . ", $topic_id, 0)";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Could not insert topic watch information', '', __LINE__, __FILE__, $sql);
- }
- }
- }
-}
-
-//
-// Fill smiley templates (or just the variables) with smileys
-// Either in a window or inline
-//
-function generate_smilies($mode, $page_id)
-{
- global $db, $board_config, $template, $lang, $images, $theme, $phpEx, $phpbb_root_path;
- global $user_ip, $session_length, $starttime;
- global $userdata;
-
- $inline_columns = 4;
- $inline_rows = 5;
- $window_columns = 8;
-
- if ( $mode == 'window' )
- {
- $userdata = session_pagestart($user_ip, $page_id);
- init_userprefs($userdata);
-
- $gen_simple_header = TRUE;
-
- $page_title = $lang['Review_topic'] . " - $topic_title";
- include($phpbb_root_path . 'includes/page_header.'.$phpEx);
-
- $template->set_filenames(array(
- 'smiliesbody' => 'posting_smilies.tpl')
- );
- }
-
- $sql = "SELECT emoticon, code, smile_url
- FROM " . SMILIES_TABLE . "
- ORDER BY smilies_id";
- if ( $result = $db->sql_query($sql) )
- {
- $num_smilies = 0;
- $rowset = array();
- while ( $row = $db->sql_fetchrow($result) )
- {
- if ( empty($rowset[$row['smile_url']]) )
- {
- $rowset[$row['smile_url']]['code'] = str_replace('\\', '\\\\', str_replace("'", "\\'", $row['code']));
- $rowset[$row['smile_url']]['emoticon'] = $row['emoticon'];
- $num_smilies++;
- }
- }
-
- if ( $num_smilies )
- {
- $smilies_count = ( $mode == 'inline' ) ? min(19, $num_smilies) : $num_smilies;
- $smilies_split_row = ( $mode == 'inline' ) ? $inline_columns - 1 : $window_columns - 1;
-
- $s_colspan = 0;
- $row = 0;
- $col = 0;
-
- while ( list($smile_url, $data) = @each($rowset) )
- {
- if ( !$col )
- {
- $template->assign_block_vars('smilies_row', array());
- }
-
- $template->assign_block_vars('smilies_row.smilies_col', array(
- 'SMILEY_CODE' => $data['code'],
- 'SMILEY_IMG' => $board_config['smilies_path'] . '/' . $smile_url,
- 'SMILEY_DESC' => $data['emoticon'])
- );
-
- $s_colspan = max($s_colspan, $col + 1);
-
- if ( $col == $smilies_split_row )
- {
- if ( $mode == 'inline' && $row == $inline_rows - 1 )
- {
- break;
- }
- $col = 0;
- $row++;
- }
- else
- {
- $col++;
- }
- }
-
- if ( $mode == 'inline' && $num_smilies > $inline_rows * $inline_columns )
- {
- $template->assign_block_vars('switch_smilies_extra', array());
-
- $template->assign_vars(array(
- 'L_MORE_SMILIES' => $lang['More_emoticons'],
- 'U_MORE_SMILIES' => append_sid("posting.$phpEx?mode=smilies"))
- );
- }
-
- $template->assign_vars(array(
- 'L_EMOTICONS' => $lang['Emoticons'],
- 'L_CLOSE_WINDOW' => $lang['Close_window'],
- 'S_SMILIES_COLSPAN' => $s_colspan)
- );
- }
- }
-
- if ( $mode == 'window' )
- {
- $template->pparse('smiliesbody');
-
- include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
- }
-}
-
-?>
\ No newline at end of file
diff --git a/phpBB/includes/functions_search.php b/phpBB/includes/functions_search.php
deleted file mode 100644
index b02d094b6b..0000000000
--- a/phpBB/includes/functions_search.php
+++ /dev/null
@@ -1,498 +0,0 @@
-<?php
-/***************************************************************************
-* functions_search.php
-* -------------------
-* begin : Wed Sep 05 2001
-* copyright : (C) 2001 The phpBB Group
-* email : support@phpbb.com
-*
-* $Id$
-*
-****************************************************************************/
-
-/***************************************************************************
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- ***************************************************************************/
-
-function clean_words($mode, &$entry, &$stopword_list, &$synonym_list)
-{
- // Weird, $init_match doesn't work with static when double quotes (") are used...
- static $drop_char_match = array('^', '$', '&', '(', ')', '<', '>', '`', '\'', '"', '|', ',', '@', '_', '?', '%', '-', '~', '+', '.', '[', ']', '{', '}', ':', '\\', '/', '=', '#', '\'', ';', '!');
- static $drop_char_replace = array(' ', ' ', ' ', ' ', ' ', ' ', ' ', '', '', ' ', ' ', ' ', ' ', '', ' ', ' ', '', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ' , ' ', ' ', ' ', ' ', ' ', ' ');
-
- $entry = ' ' . strip_tags(strtolower($entry)) . ' ';
-
- if ( $mode == 'post' )
- {
- // Replace line endings by a space
- $entry = preg_replace('/[\n\r]/is', ' ', $entry);
- // HTML entities like &nbsp;
- $entry = preg_replace('/\b&[a-z]+;\b/', ' ', $entry);
- // Remove URL's
- $entry = preg_replace('/\b[a-z0-9]+:\/\/[a-z0-9\.\-]+(\/[a-z0-9\?\.%_\-\+=&\/]+)?/', ' ', $entry);
- // Quickly remove BBcode.
- $entry = preg_replace('/\[img:[a-z0-9]{10,}\].*?\[\/img:[a-z0-9]{10,}\]/', ' ', $entry);
- $entry = preg_replace('/\[\/?url(=.*?)?\]/', ' ', $entry);
- $entry = preg_replace('/\[\/?[a-z\*=\+\-]+(\:?[0-9a-z]+)?:[a-z0-9]{10,}(\:[a-z0-9]+)?=?.*?\]/', ' ', $entry);
- }
- else if ( $mode == 'search' )
- {
- $entry = str_replace('+', ' and ', $entry);
- $entry = str_replace('-', ' not ', $entry);
- }
-
- // Replace numbers on their own
- $entry = preg_replace('/\b[0-9]+\b/', ' ', $entry);
-
- //
- // Filter out strange characters like ^, $, &, change "it's" to "its"
- //
- for($i = 0; $i < count($drop_char_match); $i++)
- {
- $entry = str_replace($drop_char_match[$i], $drop_char_replace[$i], $entry);
- }
-
- if ( $mode == 'post' )
- {
- $entry = str_replace('*', ' ', $entry);
-
- // 'words' that consist of <=3 or >=25 characters are removed.
- $entry = preg_replace('/\b([a-z0-9]{1,3}|[a-z0-9]{20,})\b/',' ', $entry);
- }
-
- if ( !empty($stopword_list) )
- {
- for ($j = 0; $j < count($stopword_list); $j++)
- {
- $stopword = trim($stopword_list[$j]);
-
- if ( $mode == 'post' || ( $stopword != 'not' && $stopword != 'and' && $stopword != 'or' ) )
- {
- $entry = preg_replace('#\b' . preg_quote($stopword) . '\b#', ' ', $entry);
- }
- }
- }
-
- if ( !empty($synonym_list) )
- {
- for ($j = 0; $j < count($synonym_list); $j++)
- {
- list($replace_synonym, $match_synonym) = split(' ', trim(strtolower($synonym_list[$j])));
- if ( $mode == 'post' || ( $match_synonym != 'not' && $match_synonym != 'and' && $match_synonym != 'or' ) )
- {
- $entry = preg_replace('#\b' . trim($match_synonym) . '\b#', ' ' . trim($replace_synonym) . ' ', $entry);
- }
- }
- }
-
- return $entry;
-}
-
-function split_words(&$entry, $mode = 'post')
-{
- if ( $mode == 'post' )
- {
- preg_match_all("/\b(\w[\w']*\w+|\w+?)\b/", $entry, $split_entries);
- }
- else
- {
- preg_match_all('/(\*?[a-z0-9]+\*?)|\b([a-z0-9]+)\b/', $entry, $split_entries);
- }
-
- return $split_entries[1];
-}
-
-function add_search_words($post_id, $post_text, $post_title = '')
-{
- global $db, $phpbb_root_path, $board_config, $lang;
-
- $stopwords_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_stopwords.txt");
- $synonym_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_synonyms.txt");
-
- $search_raw_words = array();
- $search_raw_words['text'] = split_words(clean_words('post', $post_text, $stopword_array, $synonym_array));
- $search_raw_words['title'] = split_words(clean_words('post', $post_title, $stopword_array, $synonym_array));
-
- $word = array();
- $word_insert_sql = array();
- while ( list($word_in, $search_matches) = @each($search_raw_words) )
- {
- $word_insert_sql[$word_in] = '';
- if ( !empty($search_matches) )
- {
- for ($i = 0; $i < count($search_matches); $i++)
- {
- $search_matches[$i] = trim($search_matches[$i]);
-
- if( $search_matches[$i] != '' )
- {
- $word[] = $search_matches[$i];
- if ( !strstr($word_insert_sql[$word_in], "'" . $search_matches[$i] . "'") )
- {
- $word_insert_sql[$word_in] .= ( $word_insert_sql[$word_in] != "" ) ? ", '" . $search_matches[$i] . "'" : "'" . $search_matches[$i] . "'";
- }
- }
- }
- }
- }
-
- if ( count($word) )
- {
- sort($word);
-
- $prev_word = '';
- $word_text_sql = '';
- $temp_word = array();
- for($i = 0; $i < count($word); $i++)
- {
- if ( $word[$i] != $prev_word )
- {
- $temp_word[] = $word[$i];
- $word_text_sql .= ( ( $word_text_sql != '' ) ? ', ' : '' ) . "'" . $word[$i] . "'";
- }
- $prev_word = $word[$i];
- }
- $word = $temp_word;
-
- $check_words = array();
- switch( SQL_LAYER )
- {
- case 'postgresql':
- case 'msaccess':
- case 'mssql-odbc':
- case 'oracle':
- case 'db2':
- $sql = "SELECT word_id, word_text
- FROM " . SEARCH_WORD_TABLE . "
- WHERE word_text IN ($word_text_sql)";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Could not select words', '', __LINE__, __FILE__, $sql);
- }
-
- while ( $row = $db->sql_fetchrow($result) )
- {
- $check_words[$row['word_text']] = $row['word_id'];
- }
- break;
- }
-
- $value_sql = '';
- $match_word = array();
- for ($i = 0; $i < count($word); $i++)
- {
- $new_match = true;
- if ( isset($check_words[$word[$i]]) )
- {
- $new_match = false;
- }
-
- if ( $new_match )
- {
- switch( SQL_LAYER )
- {
- case 'mysql':
- case 'mysql4':
- $value_sql .= ( ( $value_sql != '' ) ? ', ' : '' ) . '(\'' . $word[$i] . '\')';
- break;
- case 'mssql':
- $value_sql .= ( ( $value_sql != '' ) ? ' UNION ALL ' : '' ) . "SELECT '" . $word[$i] . "'";
- break;
- default:
- $sql = "INSERT INTO " . SEARCH_WORD_TABLE . " (word_text)
- VALUES ('" . $word[$i] . "')";
- if( !$db->sql_query($sql) )
- {
- message_die(GENERAL_ERROR, 'Could not insert new word', '', __LINE__, __FILE__, $sql);
- }
- break;
- }
- }
- }
-
- if ( $value_sql != '' )
- {
- switch ( SQL_LAYER )
- {
- case 'mysql':
- case 'mysql4':
- $sql = "INSERT IGNORE INTO " . SEARCH_WORD_TABLE . " (word_text)
- VALUES $value_sql";
- break;
- case 'mssql':
- $sql = "INSERT INTO " . SEARCH_WORD_TABLE . " (word_text)
- $value_sql";
- break;
- }
-
- if ( !$db->sql_query($sql) )
- {
- message_die(GENERAL_ERROR, 'Could not insert new word', '', __LINE__, __FILE__, $sql);
- }
- }
- }
-
- while( list($word_in, $match_sql) = @each($word_insert_sql) )
- {
- $title_match = ( $word_in == 'title' ) ? 1 : 0;
-
- if ( $match_sql != '' )
- {
- $sql = "INSERT INTO " . SEARCH_MATCH_TABLE . " (post_id, word_id, title_match)
- SELECT $post_id, word_id, $title_match
- FROM " . SEARCH_WORD_TABLE . "
- WHERE word_text IN ($match_sql)";
- if ( !$db->sql_query($sql) )
- {
- message_die(GENERAL_ERROR, 'Could not insert new word matches', '', __LINE__, __FILE__, $sql);
- }
- }
- }
-
- if ( $mode == 'single' )
- {
- remove_common('single', 0.4, $word);
- }
-
- return;
-}
-
-//
-// Check if specified words are too common now
-//
-function remove_common($mode, $fraction, $word_id_list = array())
-{
- global $db;
-
- $sql = ( $mode == 'global' ) ? "SELECT COUNT(post_id) AS total_posts FROM " . SEARCH_MATCH_TABLE . " GROUP BY post_id" : "SELECT SUM(forum_posts) AS total_posts FROM " . FORUMS_TABLE;
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Could not obtain post count', '', __LINE__, __FILE__, $sql);
- }
-
- $row = $db->sql_fetchrow($result);
-
- if ( $row['total_posts'] >= 100 )
- {
- $common_threshold = floor($row['total_posts'] * $fraction);
-
- if ( $mode == 'single' && count($word_id_list) )
- {
- $word_id_sql = '';
- for($i = 0; $i < count($word_id_list); $i++)
- {
- $word_id_sql .= ( ( $word_id_sql != '' ) ? ', ' : '' ) . "'" . $word_id_list[$i] . "'";
- }
-
- $sql = "SELECT m.word_id
- FROM " . SEARCH_MATCH_TABLE . " m, " . SEARCH_WORD_TABLE . " w
- WHERE w.word_text IN ($word_id_sql)
- AND m.word_id = w.word_id
- GROUP BY m.word_id
- HAVING COUNT(m.word_id) > $common_threshold";
- }
- else
- {
- $sql = "SELECT word_id
- FROM " . SEARCH_MATCH_TABLE . "
- GROUP BY word_id
- HAVING COUNT(word_id) > $common_threshold";
- }
-
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Could not obtain common word list', '', __LINE__, __FILE__, $sql);
- }
-
- $common_word_id = '';
- while ( $row = $db->sql_fetchrow($result) )
- {
- $common_word_id .= ( ( $common_word_id != '' ) ? ', ' : '' ) . $row['word_id'];
- }
- $db->sql_freeresult($result);
-
- if ( $common_word_id != '' )
- {
- $sql = "UPDATE " . SEARCH_WORD_TABLE . "
- SET word_common = " . TRUE . "
- WHERE word_id IN ($common_word_id)";
- if ( !$db->sql_query($sql) )
- {
- message_die(GENERAL_ERROR, 'Could not delete word list entry', '', __LINE__, __FILE__, $sql);
- }
-
- $sql = "DELETE FROM " . SEARCH_MATCH_TABLE . "
- WHERE word_id IN ($common_word_id)";
- if ( !$db->sql_query($sql) )
- {
- message_die(GENERAL_ERROR, 'Could not delete word match entry', '', __LINE__, __FILE__, $sql);
- }
- }
- }
-
- return $word_count;
-}
-
-function remove_search_post($post_id_sql)
-{
- global $db;
-
- $words_removed = false;
-
- switch ( SQL_LAYER )
- {
- case 'mysql':
- case 'mysql4':
- $sql = "SELECT word_id
- FROM " . SEARCH_MATCH_TABLE . "
- WHERE post_id IN ($post_id_sql)
- GROUP BY word_id";
- if ( $result = $db->sql_query($sql) )
- {
- $word_id_sql = '';
- while ( $row = $db->sql_fetchrow($result) )
- {
- $word_id_sql .= ( $word_id_sql != '' ) ? ', ' . $row['word_id'] : $row['word_id'];
- }
-
- $sql = "SELECT word_id
- FROM " . SEARCH_MATCH_TABLE . "
- WHERE word_id IN ($word_id_sql)
- GROUP BY word_id
- HAVING COUNT(word_id) = 1";
- if ( $result = $db->sql_query($sql) )
- {
- $word_id_sql = '';
- while ( $row = $db->sql_fetchrow($result) )
- {
- $word_id_sql .= ( $word_id_sql != '' ) ? ', ' . $row['word_id'] : $row['word_id'];
- }
-
- if ( $word_id_sql != '' )
- {
- $sql = "DELETE FROM " . SEARCH_WORD_TABLE . "
- WHERE word_id IN ($word_id_sql)";
- if ( !$db->sql_query($sql) )
- {
- message_die(GENERAL_ERROR, 'Could not delete word list entry', '', __LINE__, __FILE__, $sql);
- }
-
- $words_removed = $db->sql_affectedrows();
- }
- }
- }
- break;
-
- default:
- $sql = "DELETE FROM " . SEARCH_WORD_TABLE . "
- WHERE word_id IN (
- SELECT word_id
- FROM " . SEARCH_MATCH_TABLE . "
- WHERE word_id IN (
- SELECT word_id
- FROM " . SEARCH_MATCH_TABLE . "
- WHERE post_id IN ($post_id_sql)
- GROUP BY word_id
- )
- GROUP BY word_id
- HAVING COUNT(word_id) = 1
- )";
- if ( !$db->sql_query($sql) )
- {
- message_die(GENERAL_ERROR, 'Could not delete old words from word table', '', __LINE__, __FILE__, $sql);
- }
-
- $words_removed = $db->sql_affectedrows();
-
- break;
- }
-
- $sql = "DELETE FROM " . SEARCH_MATCH_TABLE . "
- WHERE post_id IN ($post_id_sql)";
- if ( !$db->sql_query($sql) )
- {
- message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
- }
-
- return $words_removed;
-}
-
-//
-// Username search
-//
-function username_search($search_match)
-{
- global $db, $board_config, $template, $lang, $images, $theme, $phpEx, $phpbb_root_path;
- global $starttime, $gen_simple_header;
-
- $gen_simple_header = TRUE;
-
- $username_list = '';
- if ( !empty($search_match) )
- {
- $username_search = preg_replace('/\*/', '%', trim(strip_tags($search_match)));
-
- $sql = "SELECT username
- FROM " . USERS_TABLE . "
- WHERE username LIKE '" . str_replace("\'", "''", $username_search) . "'
- ORDER BY username";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Could not obtain search results', '', __LINE__, __FILE__, $sql);
- }
-
- if ( $row = $db->sql_fetchrow($result) )
- {
- do
- {
- $username_list .= '<option value="' . $row['username'] . '">' . $row['username'] . '</option>';
- }
- while ( $row = $db->sql_fetchrow($result) );
- }
- else
- {
- $username_list .= '<option>' . $lang['No_match']. '</option>';
- }
- $db->sql_freeresult($result);
- }
-
- $page_title = $lang['Search'];
- include($phpbb_root_path . 'includes/page_header.'.$phpEx);
-
- $template->set_filenames(array(
- 'search_user_body' => 'search_username.tpl')
- );
-
- $template->assign_vars(array(
- 'USERNAME' => ( !empty($search_match) ) ? $search_match : '',
-
- 'L_CLOSE_WINDOW' => $lang['Close_window'],
- 'L_SEARCH_USERNAME' => $lang['Find_username'],
- 'L_UPDATE_USERNAME' => $lang['Select_username'],
- 'L_SELECT' => $lang['Select'],
- 'L_SEARCH' => $lang['Search'],
- 'L_SEARCH_EXPLAIN' => $lang['Search_author_explain'],
- 'L_CLOSE_WINDOW' => $lang['Close_window'],
-
- 'S_USERNAME_OPTIONS' => $username_list,
- 'S_SEARCH_ACTION' => append_sid("search.$phpEx?mode=searchuser"))
- );
-
- if ( $username_list != '' )
- {
- $template->assign_block_vars('switch_select_name', array());
- }
-
- $template->pparse('search_user_body');
-
- include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
-
- return;
-}
-
-?>
\ No newline at end of file
diff --git a/phpBB/includes/functions_selects.php b/phpBB/includes/functions_selects.php
deleted file mode 100644
index 9207094348..0000000000
--- a/phpBB/includes/functions_selects.php
+++ /dev/null
@@ -1,111 +0,0 @@
-<?php
-/***************************************************************************
- * function_selects.php
- * -------------------
- * begin : Saturday, Feb 13, 2001
- * copyright : (C) 2001 The phpBB Group
- * email : support@phpbb.com
- *
- * $Id$
- *
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- *
- ***************************************************************************/
-
-//
-// Pick a language, any language ...
-//
-function language_select($default, $select_name = "language", $dirname="language")
-{
- global $phpEx;
-
- $dir = opendir($dirname);
-
- $lang = array();
- while ( $file = readdir($dir) )
- {
- if ( ereg("^lang_", $file) && !is_file($dirname . "/" . $file) && !is_link($dirname . "/" . $file) )
- {
- $filename = trim(str_replace("lang_", "", $file));
- $displayname = preg_replace("/^(.*?)_(.*)$/", "\\1 [ \\2 ]", $filename);
- $displayname = preg_replace("/\[(.*?)_(.*)\]/", "[ \\1 - \\2 ]", $displayname);
- $lang[$displayname] = $filename;
- }
- }
-
- closedir($dir);
-
- @asort($lang);
- @reset($lang);
-
- $lang_select = '<select name="' . $select_name . '">';
- while ( list($displayname, $filename) = @each($lang) )
- {
- $selected = ( strtolower($default) == strtolower($filename) ) ? ' selected="selected"' : '';
- $lang_select .= '<option value="' . $filename . '"' . $selected . '>' . ucwords($displayname) . '</option>';
- }
- $lang_select .= '</select>';
-
- return $lang_select;
-}
-
-//
-// Pick a template/theme combo,
-//
-function style_select($default_style, $select_name = "style", $dirname = "templates")
-{
- global $db;
-
- $sql = "SELECT themes_id, style_name
- FROM " . THEMES_TABLE . "
- ORDER BY template_name, themes_id";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, "Couldn't query themes table", "", __LINE__, __FILE__, $sql);
- }
-
- $style_select = '<select name="' . $select_name . '">';
- while ( $row = $db->sql_fetchrow($result) )
- {
- $selected = ( $row['themes_id'] == $default_style ) ? ' selected="selected"' : '';
-
- $style_select .= '<option value="' . $row['themes_id'] . '"' . $selected . '>' . $row['style_name'] . '</option>';
- }
- $style_select .= "</select>";
-
- return $style_select;
-}
-
-//
-// Pick a timezone
-//
-function tz_select($default, $select_name = 'timezone')
-{
- global $sys_timezone, $lang;
-
- if ( !isset($default) )
- {
- $default == $sys_timezone;
- }
- $tz_select = '<select name="' . $select_name . '">';
-
- while( list($offset, $zone) = @each($lang['tz']) )
- {
- $selected = ( $offset == $default ) ? ' selected="selected"' : '';
- $tz_select .= '<option value="' . $offset . '"' . $selected . '>' . $zone . '</option>';
- }
- $tz_select .= '</select>';
-
- return $tz_select;
-}
-
-?>
\ No newline at end of file
diff --git a/phpBB/includes/prune.php b/phpBB/includes/prune.php
deleted file mode 100644
index 1d2f17e57d..0000000000
--- a/phpBB/includes/prune.php
+++ /dev/null
@@ -1,159 +0,0 @@
-<?php
-/***************************************************************************
-* prune.php
-* -------------------
-* begin : Thursday, June 14, 2001
-* copyright : (C) 2001 The phpBB Group
-* email : support@phpbb.com
-*
-* $Id$
-*
-*
-***************************************************************************/
-
-/***************************************************************************
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- ***************************************************************************/
-
-if ( !defined('IN_PHPBB') )
-{
- die("Hacking attempt");
-}
-
-require($phpbb_root_path . 'includes/functions_search.'.$phpEx);
-
-function prune($forum_id, $prune_date)
-{
- global $db, $lang;
-
- //
- // Those without polls ...
- //
- $sql = "SELECT t.topic_id
- FROM " . POSTS_TABLE . " p, " . TOPICS_TABLE . " t
- WHERE t.forum_id = $forum_id
- AND t.topic_vote = 0
- AND t.topic_type <> " . POST_ANNOUNCE . "
- AND ( p.post_id = t.topic_last_post_id
- OR t.topic_last_post_id = 0 )";
- if ( $prune_date != '' )
- {
- $sql .= " AND p.post_time < $prune_date";
- }
-
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Could not obtain lists of topics to prune', '', __LINE__, __FILE__, $sql);
- }
-
- $sql_topics = '';
- while( $row = $db->sql_fetchrow($result) )
- {
- $sql_topics .= ( ( $sql_topics != '' ) ? ', ' : '' ) . $row['topic_id'];
- }
-
- if( $sql_topics != '' )
- {
- $sql = "SELECT post_id
- FROM " . POSTS_TABLE . "
- WHERE forum_id = $forum_id
- AND topic_id IN ($sql_topics)";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Could not obtain list of posts to prune', '', __LINE__, __FILE__, $sql);
- }
-
- $sql_post = '';
- while ( $row = $db->sql_fetchrow($result) )
- {
- $sql_post .= ( ( $sql_post != '' ) ? ', ' : '' ) . $row['post_id'];
- }
-
- if ( $sql_post != '' )
- {
- $sql = "DELETE FROM " . TOPICS_TABLE . "
- WHERE topic_id IN ($sql_topics)";
- if ( !$db->sql_query($sql, BEGIN_TRANSACTION) )
- {
- message_die(GENERAL_ERROR, 'Could not delete topics during prune', '', __LINE__, __FILE__, $sql);
- }
-
- $pruned_topics = $db->sql_affectedrows();
-
- $sql = "DELETE FROM " . POSTS_TABLE . "
- WHERE post_id IN ($sql_post)";
- if ( !$db->sql_query($sql) )
- {
- message_die(GENERAL_ERROR, 'Could not delete post_text during prune', '', __LINE__, __FILE__, $sql);
- }
-
- $pruned_posts = $db->sql_affectedrows();
-
- $sql = "DELETE FROM " . POSTS_TEXT_TABLE . "
- WHERE post_id IN ($sql_post)";
- if ( !$db->sql_query($sql) )
- {
- message_die(GENERAL_ERROR, 'Could not delete post during prune', '', __LINE__, __FILE__, $sql);
- }
-
- $sql = "DELETE FROM " . SEARCH_MATCH_TABLE . "
- WHERE post_id IN ($sql_post)";
- if ( !$db->sql_query($sql) )
- {
- message_die(GENERAL_ERROR, 'Could not delete search matches', '', __LINE__, __FILE__, $sql);
- }
-
- remove_search_post($sql_post);
-
- return array ('topics' => $pruned_topics, 'posts' => $pruned_posts);
- }
- }
-
- return array('topics' => 0, 'posts' => 0);
-}
-
-//
-// Function auto_prune(), this function will read the configuration data from
-// the auto_prune table and call the prune function with the necessary info.
-//
-function auto_prune($forum_id = 0)
-{
- global $db, $lang;
-
- $sql = "SELECT *
- FROM " . PRUNE_TABLE . "
- WHERE forum_id = $forum_id";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Could not read auto_prune table', '', __LINE__, __FILE__, $sql);
- }
-
- if ( $row = $db->sql_fetchrow($result) )
- {
- if ( $row['prune_freq'] && $row['prune_days'] )
- {
- $prune_date = time() - ( $row['prune_days'] * 86400 );
- $next_prune = time() + ( $row['prune_freq'] * 86400 );
-
- prune($forum_id, $prune_date);
- sync('forum', $forum_id);
-
- $sql = "UPDATE " . FORUMS_TABLE . "
- SET prune_next = $next_prune
- WHERE forum_id = $forum_id";
- if ( !$db->sql_query($sql) )
- {
- message_die(GENERAL_ERROR, 'Could not update forum table', '', __LINE__, __FILE__, $sql);
- }
- }
- }
-
- return;
-}
-
-?>
\ No newline at end of file
diff --git a/phpBB/includes/sessions.php b/phpBB/includes/sessions.php
deleted file mode 100644
index d883be8ca5..0000000000
--- a/phpBB/includes/sessions.php
+++ /dev/null
@@ -1,403 +0,0 @@
-<?php
-/***************************************************************************
- * sessions.php
- * -------------------
- * begin : Saturday, Feb 13, 2001
- * copyright : (C) 2001 The phpBB Group
- * email : support@phpbb.com
- *
- * $Id$
- *
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- ***************************************************************************/
-
-if ( !defined('IN_PHPBB') )
-{
- die('Hacking attempt');
- exit;
-}
-
-function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0)
-{
- global $db, $board_config;
- global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;
-
- $cookiename = $board_config['cookie_name'];
- $cookiepath = $board_config['cookie_path'];
- $cookiedomain = $board_config['cookie_domain'];
- $cookiesecure = $board_config['cookie_secure'];
- $SID = '?sid=';
-
- if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) )
- {
- $session_id = isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : '';
- $sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : '';
- $sessionmethod = SESSION_METHOD_COOKIE;
- }
- else
- {
- $sessiondata = '';
- $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
- $sessionmethod = SESSION_METHOD_GET;
- }
-
- $last_visit = 0;
- $current_time = time();
- $expiry_time = $current_time - $board_config['session_length'];
-
- //
- // Try and pull the last time stored in a cookie, if it exists
- //
- $sql = "SELECT *
- FROM " . USERS_TABLE . "
- WHERE user_id = $user_id";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(CRITICAL_ERROR, 'Could not obtain lastvisit data from user table', '', __LINE__, __FILE__, $sql);
- }
-
- $userdata = $db->sql_fetchrow($result);
-
- if ( $user_id != ANONYMOUS )
- {
- $auto_login_key = $userdata['user_password'];
-
- if ( $auto_create )
- {
- if ( isset($sessiondata['autologinid']) && $userdata['user_active'] )
- {
- // We have to login automagically
- if( $sessiondata['autologinid'] == $auto_login_key )
- {
- // autologinid matches password
- $login = 1;
- $enable_autologin = 1;
- }
- else
- {
- // No match; don't login, set as anonymous user
- $login = 0;
- $enable_autologin = 0;
- $user_id = ANONYMOUS;
- }
- }
- else
- {
- // Autologin is not set. Don't login, set as anonymous user
- $login = 0;
- $enable_autologin = 0;
- $user_id = ANONYMOUS;
- }
- }
- else
- {
- $login = 1;
- }
- }
- else
- {
- $login = 0;
- $enable_autologin = 0;
- }
-
- //
- // Initial ban check against user id, IP and email address
- //
- $user_ip_parts = explode('.', $user_ip);
-
- $sql = "SELECT ban_ip, ban_userid, ban_email
- FROM " . BANLIST_TABLE . "
- WHERE ban_ip IN ('" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . $user_ip_parts[4] . "', '" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . ".256', '" . $user_ip_parts[1] . $user_ip_parts[2] . ".256.256', '" . $user_ip_parts[1] . "256.256.256')
- OR ban_userid = $user_id";
- if ( $user_id != ANONYMOUS )
- {
- $sql .= " OR ban_email LIKE '" . str_replace("\'", "''", $row['user_email']) . "'
- OR ban_email LIKE '" . substr(str_replace("\'", "''", $row['user_email']), strpos(str_replace("\'", "''", $row['user_email']), "@")) . "'";
- }
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(CRITICAL_ERROR, 'Could not obtain ban information', '', __LINE__, __FILE__, $sql);
- }
-
- if ( $ban_info = $db->sql_fetchrow($result) )
- {
- if ( $ban_info['ban_ip'] || $ban_info['ban_userid'] || $ban_info['ban_email'] )
- {
- message_die(CRITICAL_MESSAGE, 'You_been_banned');
- }
- }
-
- //
- // Create or update the session
- //
- $sql = "UPDATE " . SESSIONS_TABLE . "
- SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login
- WHERE session_id = '" . $session_id . "'";
- if ( !$db->sql_query($sql) || !$db->sql_affectedrows() )
- {
- $session_id = md5(uniqid($user_ip));
-
- $sql = "INSERT INTO " . SESSIONS_TABLE . "
- (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in)
- VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login)";
- if ( !$db->sql_query($sql) )
- {
- message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql);
- }
- }
-
- if ( $user_id != ANONYMOUS )
- {
- $last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time;
-
- $sql = "UPDATE " . USERS_TABLE . "
- SET user_session_time = $current_time, user_session_page = $page_id, user_lastvisit = $last_visit
- WHERE user_id = $user_id";
- if ( !$db->sql_query($sql) )
- {
- message_die(CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql);
- }
-
- $userdata['user_lastvisit'] = $last_visit;
-
- $sessiondata['autologinid'] = ( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : '';
- $sessiondata['userid'] = $user_id;
- }
-
- $userdata['session_id'] = $session_id;
- $userdata['session_ip'] = $user_ip;
- $userdata['session_user_id'] = $user_id;
- $userdata['session_logged_in'] = $login;
- $userdata['session_page'] = $page_id;
- $userdata['session_start'] = $current_time;
- $userdata['session_time'] = $current_time;
-
- setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
- setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
-
- $SID .= ( $sessionmethod == SESSION_METHOD_GET ) ? $session_id : '';
-
- return $userdata;
-}
-
-//
-// Checks for a given user session, tidies session table and updates user
-// sessions at each page refresh
-//
-function session_pagestart($user_ip, $thispage_id)
-{
- global $db, $lang, $board_config;
- global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;
-
- unset($userdata);
- $cookiename = $board_config['cookie_name'];
- $cookiepath = $board_config['cookie_path'];
- $cookiedomain = $board_config['cookie_domain'];
- $cookiesecure = $board_config['cookie_secure'];
- $SID = '?sid=';
-
- $current_time = time();
-
- if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) )
- {
- $sessiondata = isset( $HTTP_COOKIE_VARS[$cookiename . '_data'] ) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : '';
- $session_id = isset( $HTTP_COOKIE_VARS[$cookiename . '_sid'] ) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : '';
- $sessionmethod = SESSION_METHOD_COOKIE;
- }
- else
- {
- $session_data = '';
- $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
- $sessionmethod = SESSION_METHOD_GET;
- }
-
- //
- // Does a session exist?
- //
- if ( !empty($session_id) )
- {
- //
- // session_id exists so go ahead and attempt to grab all
- // data in preparation
- //
- $sql = "SELECT u.*, s.*
- FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u
- WHERE s.session_id = '$session_id'
- AND u.user_id = s.session_user_id";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
- }
-
- $userdata = $db->sql_fetchrow($result);
-
- //
- // Did the session exist in the DB?
- //
- if ( isset($userdata['user_id']) )
- {
- $SID .= ( $sessionmethod == SESSION_METHOD_GET ) ? $session_id : '';
-
- //
- // Only update session DB a minute or so after last update
- //
- if ( $current_time - $userdata['session_time'] > 60 || $userdata['session_page'] != $thispage_id )
- {
- $sql = "UPDATE " . SESSIONS_TABLE . "
- SET session_time = $current_time, session_page = $thispage_id
- WHERE session_id = '" . $userdata['session_id'] . "'";
- if ( !$db->sql_query($sql) )
- {
- message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql);
- }
-
- if ( $current_time - $board_config['session_gc'] > $board_config['session_last_gc'] )
- {
- session_gc($session_id, $current_time);
- }
-
- setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
- setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
- }
-
- return $userdata;
- }
- }
-
- //
- // If we reach here then no (valid) session exists. So we'll create a new one,
- // using the cookie user_id if available to pull basic user prefs.
- //
- $user_id = ( isset($sessiondata['userid']) ) ? $sessiondata['userid'] : ANONYMOUS;
-
- if ( !($userdata = session_begin($user_id, $user_ip, $thispage_id, TRUE)) )
- {
- message_die(CRITICAL_ERROR, 'Error creating user session', '', __LINE__, __FILE__, $sql);
- }
-
- return $userdata;
-
-}
-
-//
-// session_end closes out a session deleting the corresponding entry
-// in the sessions table
-//
-function session_end($session_id, $user_id)
-{
- global $db, $lang, $board_config;
- global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;
-
- $cookiename = $board_config['cookie_name'];
- $cookiepath = $board_config['cookie_path'];
- $cookiedomain = $board_config['cookie_domain'];
- $cookiesecure = $board_config['cookie_secure'];
- $SID = '?sid=';
-
- //
- // Pull cookiedata or grab the URI propagated sid
- //
- if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) )
- {
- $session_id = isset( $HTTP_COOKIE_VARS[$cookiename . '_sid'] ) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : '';
- }
- else
- {
- $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
- }
-
- //
- // Delete existing session
- //
- $sql = "DELETE FROM " . SESSIONS_TABLE . "
- WHERE session_id = '$session_id'
- AND session_user_id = $user_id";
- if ( !$db->sql_query($sql) )
- {
- message_die(CRITICAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql);
- }
-
- setcookie($cookiename . '_data', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);
- setcookie($cookiename . '_sid', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);
-
- return true;
-}
-
-function session_gc($session_id, $current_time)
-{
- global $db, $board_config;
-
- $sql = "SELECT *
- FROM " . SESSIONS_TABLE . "
- WHERE session_time < " . ( $current_time - $board_config['session_length'] );
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(CRITICAL_ERROR, 'Could not obtain expired session list', '', __LINE__, __FILE__, $sql);
- }
-
- $del_session_id = '';
- while ( $row = $db->sql_fetchrow($result) )
- {
- if ( $row['session_logged_in'] )
- {
- $sql = "UPDATE " . USERS_TABLE . "
- SET user_lastvisit = " . $row['session_time'] . ", user_session_page = " . $row['session_page'] . "
- WHERE user_id = " . $row['session_user_id'];
- if ( !$db->sql_query($sql) )
- {
- message_die(CRITICAL_ERROR, 'Could not update user session info', '', __LINE__, __FILE__, $sql);
- }
- }
-
- $del_session_id .= ( ( $del_session_id != '' ) ? ', ' : '' ) . '\'' . $row['session_id'] . '\'';
- }
-
- if ( $del_session_id != '' )
- {
- //
- // Delete expired sessions
- //
- $sql = "DELETE FROM " . SESSIONS_TABLE . "
- WHERE session_id IN ($del_session_id)";
- if ( !$db->sql_query($sql) )
- {
- message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql);
- }
- }
-
- $sql = "UPDATE " . CONFIG_TABLE . "
- SET config_value = '$current_time'
- WHERE config_name = 'session_last_gc'";
- if ( !$db->sql_query($sql) )
- {
- message_die(CRITICAL_ERROR, 'Could not update session gc time', '', __LINE__, __FILE__, $sql);
- }
-
- return;
-}
-
-
-//
-// Append $SID to a url. Borrowed from phplib and modified.
-//
-// This routine is doomed I think, instead we just set a URL$SID for
-// appropriate URLs rather than this append stuff. For the time being
-// this change will break URL based session propagation
-//
-function append_sid($url, $non_html_amp = false)
-{
- global $SID;
-
- return $url;
-}
-
-?> \ No newline at end of file
diff --git a/phpBB/includes/sql_parse.php b/phpBB/includes/sql_parse.php
deleted file mode 100644
index 9761dd315c..0000000000
--- a/phpBB/includes/sql_parse.php
+++ /dev/null
@@ -1,192 +0,0 @@
-<?php
-/***************************************************************************
-* sql_parse.php
-* -------------------
-* begin : Thu May 31, 2001
-* copyright : (C) 2001 The phpBB Group
-* email : support@phpbb.com
-*
-* $Id$
-*
-****************************************************************************/
-
-/***************************************************************************
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- ***************************************************************************/
-
-/***************************************************************************
-*
-* These functions are mainly for use in the db_utilities under the admin
-* however in order to make these functions available elsewhere, specifically
-* in the installation phase of phpBB I have seperated out a couple of
-* functions into this file. JLH
-*
-\***************************************************************************/
-
-//
-// remove_comments will strip the sql comment lines out of an uploaded sql file
-// specifically for mssql and postgres type files in the install....
-//
-function remove_comments(&$output)
-{
- $lines = explode("\n", $output);
- $output = "";
-
- // try to keep mem. use down
- $linecount = count($lines);
-
- $in_comment = false;
- for($i = 0; $i < $linecount; $i++)
- {
- if( preg_match("/^\/\*/", preg_quote($lines[$i])) )
- {
- $in_comment = true;
- }
-
- if( !$in_comment )
- {
- $output .= $lines[$i] . "\n";
- }
-
- if( preg_match("/\*\/$/", preg_quote($lines[$i])) )
- {
- $in_comment = false;
- }
- }
-
- unset($lines);
- return $output;
-}
-
-//
-// remove_remarks will strip the sql comment lines out of an uploaded sql file
-//
-function remove_remarks($sql)
-{
- $lines = explode("\n", $sql);
-
- // try to keep mem. use down
- $sql = "";
-
- $linecount = count($lines);
- $output = "";
-
- for ($i = 0; $i < $linecount; $i++)
- {
- if (($i != ($linecount - 1)) || (strlen($lines[$i]) > 0))
- {
- if ($lines[$i][0] != "#")
- {
- $output .= $lines[$i] . "\n";
- }
- else
- {
- $output .= "\n";
- }
- // Trading a bit of speed for lower mem. use here.
- $lines[$i] = "";
- }
- }
-
- return $output;
-
-}
-
-//
-// split_sql_file will split an uploaded sql file into single sql statements.
-// Note: expects trim() to have already been run on $sql.
-//
-function split_sql_file($sql, $delimiter)
-{
- // Split up our string into "possible" SQL statements.
- $tokens = explode($delimiter, $sql);
-
- // try to save mem.
- $sql = "";
- $output = array();
-
- // we don't actually care about the matches preg gives us.
- $matches = array();
-
- // this is faster than calling count($oktens) every time thru the loop.
- $token_count = count($tokens);
- for ($i = 0; $i < $token_count; $i++)
- {
- // Don't wanna add an empty string as the last thing in the array.
- if (($i != ($token_count - 1)) || (strlen($tokens[$i] > 0)))
- {
- // This is the total number of single quotes in the token.
- $total_quotes = preg_match_all("/'/", $tokens[$i], $matches);
- // Counts single quotes that are preceded by an odd number of backslashes,
- // which means they're escaped quotes.
- $escaped_quotes = preg_match_all("/(?<!\\\\)(\\\\\\\\)*\\\\'/", $tokens[$i], $matches);
-
- $unescaped_quotes = $total_quotes - $escaped_quotes;
-
- // If the number of unescaped quotes is even, then the delimiter did NOT occur inside a string literal.
- if (($unescaped_quotes % 2) == 0)
- {
- // It's a complete sql statement.
- $output[] = $tokens[$i];
- // save memory.
- $tokens[$i] = "";
- }
- else
- {
- // incomplete sql statement. keep adding tokens until we have a complete one.
- // $temp will hold what we have so far.
- $temp = $tokens[$i] . $delimiter;
- // save memory..
- $tokens[$i] = "";
-
- // Do we have a complete statement yet?
- $complete_stmt = false;
-
- for ($j = $i + 1; (!$complete_stmt && ($j < $token_count)); $j++)
- {
- // This is the total number of single quotes in the token.
- $total_quotes = preg_match_all("/'/", $tokens[$j], $matches);
- // Counts single quotes that are preceded by an odd number of backslashes,
- // which means they're escaped quotes.
- $escaped_quotes = preg_match_all("/(?<!\\\\)(\\\\\\\\)*\\\\'/", $tokens[$j], $matches);
-
- $unescaped_quotes = $total_quotes - $escaped_quotes;
-
- if (($unescaped_quotes % 2) == 1)
- {
- // odd number of unescaped quotes. In combination with the previous incomplete
- // statement(s), we now have a complete statement. (2 odds always make an even)
- $output[] = $temp . $tokens[$j];
-
- // save memory.
- $tokens[$j] = "";
- $temp = "";
-
- // exit the loop.
- $complete_stmt = true;
- // make sure the outer loop continues at the right point.
- $i = $j;
- }
- else
- {
- // even number of unescaped quotes. We still don't have a complete statement.
- // (1 odd and 1 even always make an odd)
- $temp .= $tokens[$j] . $delimiter;
- // save memory.
- $tokens[$j] = "";
- }
-
- } // for..
- } // else
- }
- }
-
- return $output;
-}
-
-?> \ No newline at end of file
diff --git a/phpBB/includes/topic_review.php b/phpBB/includes/topic_review.php
index bc4d0b05e4..6fc0a79592 100644
--- a/phpBB/includes/topic_review.php
+++ b/phpBB/includes/topic_review.php
@@ -23,7 +23,7 @@
function topic_review($topic_id, $is_inline_review)
{
- global $db, $board_config, $template, $lang, $images, $theme, $phpEx, $phpbb_root_path;
+ global $SID, $session, $db, $board_config, $template, $lang, $images, $theme, $phpEx, $phpbb_root_path;
global $userdata, $user_ip;
global $orig_word, $replacement_word;
global $starttime;
@@ -58,16 +58,13 @@ function topic_review($topic_id, $is_inline_review)
//
// Start session management
//
- $userdata = session_pagestart($user_ip, $forum_id);
- init_userprefs($userdata);
+ $userdata = $session->start();
+ $acl = new auth($userdata);
//
// End session management
//
- $is_auth = array();
- $is_auth = auth(AUTH_ALL, $forum_id, $userdata, $forum_row);
-
- if ( !$is_auth['auth_read'] )
+ if ( !$acl->get_acl($forum_id, 'forum', 'list') || !$acl->get_acl($forum_id, 'forum', 'read') )
{
message_die(GENERAL_MESSAGE, sprintf($lang['Sorry_auth_read'], $is_auth['auth_read_type']));
}
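Review bot: The denial branch still builds its message from `$is_auth['auth_read_type']`, but this hunk removes the `auth(AUTH_ALL, ...)` call that populated `$is_auth`. The `sprintf()` on the `message_die` line therefore receives an undefined value, and a user who fails the new `$acl->get_acl()` check sees an incomplete permission message. Either derive the value from `$acl`, or drop the argument, e.g. `message_die(GENERAL_MESSAGE, $lang['Sorry_auth_read']);`, with the language string adjusted to match. The hunk also drops `init_userprefs($userdata)`; if `$session->start()` does not set up `$lang`, the lookup on that line would be empty as well, which is worth confirming. The body of `topic_review()` continues outside the hunk.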
@@ -154,7 +151,7 @@ function topic_review($topic_id, $is_inline_review)
$message = preg_replace('#(<)([\/]?.*?)(>)#is', '&lt;\2&gt;', $message);
}
- if ( $bbcode_uid != "" )
+ if ( $bbcode_uid != '' )
{
$message = ( $board_config['allow_bbcode'] ) ? bbencode_second_pass($message, $bbcode_uid) : preg_replace('/\:[0-9a-z\:]+\]/si', ']', $message);
}