-rw-r--r--phpBB/adm/pagestart.php7
-rw-r--r--phpBB/includes/functions.php58
-rw-r--r--phpBB/includes/page_header.php6
-rw-r--r--phpBB/language/en/lang_admin.php1
-rw-r--r--phpBB/language/en/lang_main.php146
-rw-r--r--phpBB/memberlist.php76
-rw-r--r--phpBB/templates/subSilver/login_body.html12
-rwxr-xr-xphpBB/ucp.php209
-rw-r--r--phpBB/viewforum.php6
-rw-r--r--phpBB/viewtopic.php8
10 files changed, 313 insertions, 216 deletions
diff --git a/phpBB/adm/pagestart.php b/phpBB/adm/pagestart.php
index 752a3bbfe7..e47f6c319e 100644
--- a/phpBB/adm/pagestart.php
+++ b/phpBB/adm/pagestart.php
@@ -32,6 +32,13 @@ require_once($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
// Start session management
$user->start($update);
$user->setup();
+
+// Did user forget to login? Give 'em a chance to here ...
+if ($user->data['user_id'] == ANONYMOUS)
+{
+ login_box("index.$phpEx$SID", '', $user->lang['LOGIN_ADMIN']);
+}
+
$auth->acl($user->data);
// End session management
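Review bot: The form action handed to `login_box` on line 29 is `index.$phpEx$SID`, so the credentials are posted to index.php rather than back to this admin page; unless index.php itself runs `login_box`, the `isset($_POST['login'])` branch can never execute for an admin login, and the `true` that `login_box` returns after a successful login is discarded here in any case. When `login_box` renders the form instead, execution only stops if page_tail.php ends the request; otherwise control falls through to `$auth->acl($user->data)` with the anonymous user still in place. Posting back to the current page and making the stop explicit would cover both: `if (login_box(htmlspecialchars($_SERVER['REQUEST_URI']), '', $user->lang['LOGIN_ADMIN']) !== true) { exit; }`. Note that the condition on line 27 only establishes that a session is logged in; the administrator permission check is not in this hunk.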
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 102b786798..19a4b9fc75 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -444,7 +444,7 @@ function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $mat
'META' => '<meta http-equiv="refresh" content="3;url=' . "view$mode.$phpEx$SID&amp;" . $u_url . "=$match_id&amp;start=$start" . '">')
);
- $message = $user->lang['No_longer_watching_' . $mode] . '<br /><br />' . sprintf($user->lang['Click_return_' . $mode], '<a href="' . "view$mode.$phpEx$SID&amp;" . $u_url . "=$match_id&amp;start=$start" . '">', '</a>');
+ $message = $user->lang['NOT_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . "view$mode.$phpEx$SID&amp;" . $u_url . "=$match_id&amp;start=$start" . '">', '</a>');
trigger_error($message);
}
else
@@ -478,7 +478,7 @@ function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $mat
'META' => '<meta http-equiv="refresh" content="3;url=' . "view$mode.$phpEx$SID&amp;" . $u_url . "=$match_id&amp;start=$start" . '">')
);
- $message = $user->lang['You_are_watching_' . $mode] . '<br /><br />' . sprintf($user->lang['Click_return_' . $mode], '<a href="' . "view$mode.$phpEx$SID&amp;" . $u_url . "=$match_id&amp;start=$start" . '">', '</a>');
+ $message = $user->lang['ARE_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . "view$mode.$phpEx$SID&amp;" . $u_url . "=$match_id&amp;start=$start" . '">', '</a>');
trigger_error($message);
}
else
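Review bot: The key built on line 50, `'ARE_WATCHING_' . strtoupper($mode)`, resolves to `ARE_WATCHING_TOPIC` for topics, but lang_main.php in this same commit defines that string as `NOW_WATCHING_TOPIC` (the forum variant is `ARE_WATCHING_FORUM`), so the topic confirmation message will produce an undefined-index notice and an empty string. Either rename the lang entry to `ARE_WATCHING_TOPIC` or use one prefix for both the forum and topic entries and here. The enclosing function `watch_topic_forum` starts and ends outside this hunk.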
@@ -493,7 +493,7 @@ function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $mat
{
if ($_GET['unwatch'] == $mode)
{
- redirect("login.$phpEx$SID&redirect=view$mode.$phpEx&" . $u_url . "=$match_id&unwatch=forum");
+ login_box(preg_replace('#.*?([a-z]+?\.' . $phpEx . '.*?)$#i', '\1', htmlspecialchars($_SERVER['REQUEST_URI'])));
}
}
else
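Review bot: The pattern on line 59 interpolates `$phpEx` into a regex without `preg_quote`, and `$_SERVER['REQUEST_URI']` is request-controlled, so the client's own request path is echoed back as the login form's action; `htmlspecialchars` is applied before the regex, which is sufficient only if the template emits `{S_LOGIN_ACTION}` inside a double-quoted attribute, since the default flags leave single quotes alone. If the URI contains no `name.php` segment the replacement leaves it untouched and the full path, query string included, becomes the action. The same expression is duplicated in memberlist.php (the `u_viewprofile` hunk); a small helper that uses `preg_quote($phpEx, '#')`, falls back to the script's own name when there is no match, and escapes with `ENT_QUOTES` would keep the two call sites identical. The enclosing function starts and ends outside this hunk.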
@@ -505,7 +505,7 @@ function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $mat
if ($can_watch)
{
- $s_watching = ($is_watching) ? '<a href="' . "view$mode." . $phpEx . $SID . '&amp;' . $u_url . "=$match_id&amp;unwatch=$mode&amp;start=$start" . '">' . $user->lang['Stop_watching_' . $mode] . '</a>' : '<a href="' . "view$mode." . $phpEx . $SID . '&amp;' . $u_url . "=$match_id&amp;watch=$mode&amp;start=$start" . '">' . $user->lang['Start_watching_' . $mode] . '</a>';
+ $s_watching = ($is_watching) ? '<a href="' . "view$mode." . $phpEx . $SID . '&amp;' . $u_url . "=$match_id&amp;unwatch=$mode&amp;start=$start" . '">' . $user->lang['STOP_WATCHING_' . strtoupper($mode)] . '</a>' : '<a href="' . "view$mode." . $phpEx . $SID . '&amp;' . $u_url . "=$match_id&amp;watch=$mode&amp;start=$start" . '">' . $user->lang['START_WATCHING_' . strtoupper($mode)] . '</a>';
}
return;
@@ -840,6 +840,56 @@ function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$loca
return;
}
+// Generate login box or verify password
+function login_box($s_action, $s_hidden_fields = '', $login_explain = '')
+{
+ global $SID, $db, $user, $template, $auth, $phpbb_root_path, $phpEx;
+
+ $err = '';
+ if (isset($_POST['login']))
+ {
+ $autologin = (!empty($_POST['autologin'])) ? TRUE : FALSE;
+ $viewonline = (!empty($_POST['viewonline'])) ? 0 : 1;
+
+ if (($result = $auth->login($_POST['username'], $_POST['password'], $autologin, $viewonline)) === true)
+ {
+ return true;
+ }
+
+ // If we get a non-numeric (e.g. string) value we output an error
+ if (is_string($result))
+ {
+ trigger_error($result, E_USER_ERROR);
+ }
+
+ // If we get an integer zero then we are inactive, else the username/password is wrong
+ $err = ($result === 0) ? $user->lang['ACTIVE_ERROR'] : $user->lang['LOGIN_ERROR'];
+ }
+
+ $template->assign_vars(array(
+ 'LOGIN_ERROR' => $err,
+ 'LOGIN_EXPLAIN' => $login_explain,
+
+ 'U_SEND_PASSWORD' => "ucp.$phpEx$SID&amp;mode=sendpassword",
+ 'U_TERMS_USE' => "ucp.$phpEx$SID&amp;mode=terms",
+ 'U_PRIVACY' => "ucp.$phpEx$SID&amp;mode=privacy",
+
+ 'S_LOGIN_ACTION' => $s_action,
+ 'S_HIDDEN_FIELDS' => $s_hidden_fields)
+ );
+
+ $page_title = $user->lang['LOGIN'];
+ include($phpbb_root_path . 'includes/page_header.'.$phpEx);
+
+ $template->set_filenames(array(
+ 'body' => 'login_body.html')
+ );
+ make_jumpbox('viewforum.'.$phpEx);
+
+ include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
+}
+
+
// Error and message handler, call with trigger_error if reqd
function msg_handler($errno, $msg_text, $errfile, $errline)
{
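Review bot: `login_box` has no header comment describing its contract, and it needs one: it returns `true` only when a posted login succeeds, and on every other path it renders the login page and returns nothing, so callers are relying on page_tail.php ending the request. The docblock should also state that `$s_action` and `$s_hidden_fields` are emitted through `S_LOGIN_ACTION`/`S_HIDDEN_FIELDS` unescaped, so callers must pass already HTML-escaped values (the REQUEST_URI callers do, pagestart.php passes a literal). Line 84 reads `$_POST['username']` and `$_POST['password']` without an `isset` guard; `$username = (isset($_POST['username'])) ? $_POST['username'] : '';` (and the same for the password) avoids the notice on an incomplete submission. Finally, `trigger_error($result, E_USER_ERROR)` on line 92 shows whatever string `$auth->login` returned directly to the user; if that string can carry backend detail, it should be mapped to a lang entry instead.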
diff --git a/phpBB/includes/page_header.php b/phpBB/includes/page_header.php
index f16fcd1b05..70bbef9e73 100644
--- a/phpBB/includes/page_header.php
+++ b/phpBB/includes/page_header.php
@@ -38,12 +38,12 @@ if ($config['gzip_compress'])
// Generate logged in/logged out status
if ($user->data['user_id'] != ANONYMOUS)
{
- $u_login_logout = 'login.'.$phpEx. $SID . '&amp;logout=true';
+ $u_login_logout = 'ucp.'.$phpEx. $SID . '&amp;mode=logout';
$l_login_logout = sprintf($user->lang['LOGOUT_USER'], $user->data['username']);
}
else
{
- $u_login_logout = 'login.'.$phpEx . $SID;
+ $u_login_logout = 'ucp.'.$phpEx . $SID . '&amp;mode=login';
$l_login_logout = $user->lang['LOGIN'];
}
@@ -304,7 +304,6 @@ $template->assign_vars(array(
'S_CONTENT_ENCODING' => $user->lang['ENCODING'],
'S_CONTENT_DIR_LEFT' => $user->lang['LEFT'],
'S_CONTENT_DIR_RIGHT' => $user->lang['RIGHT'],
- 'S_LOGIN_ACTION' => 'login.'.$phpEx.$SID,
'S_TIMEZONE' => ($user->data['user_dst']) ? sprintf($user->lang['All_times'], $user->lang[$tz], $user->lang['tz']['dst']) : sprintf($user->lang['All_times'], $user->lang[$tz], ''),
'T_STYLESHEET_DATA' => $user->theme['css_data'],
@@ -312,6 +311,7 @@ $template->assign_vars(array(
'NAV_LINKS' => $nav_links_html)
);
+// 'S_LOGIN_ACTION' => 'login.'.$phpEx.$SID,
/*if ($config['send_encoding'])
{
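Review bot: Line 154 keeps the removed `S_LOGIN_ACTION` assignment as a commented-out line; the previous hunk already deletes it from the `assign_vars` array and `login_box` now supplies the value, so this is dead code in a comment and should be dropped. If the intent is to record where the value went, a note such as `// S_LOGIN_ACTION is now assigned by login_box()` says that without leaving code behind.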
diff --git a/phpBB/language/en/lang_admin.php b/phpBB/language/en/lang_admin.php
index 7663920180..fe41659f18 100644
--- a/phpBB/language/en/lang_admin.php
+++ b/phpBB/language/en/lang_admin.php
@@ -22,6 +22,7 @@
$lang = array_merge($lang, array(
'ADMIN_TITLE' => 'Administration Panel',
'ADMIN' => 'Administration',
+ 'LOGIN_ADMIN' => 'You must be a registered, logged in user before attempting to administer the board.',
'NO_ADMIN' => 'You are not authorised to administer this board.',
'NO_FRAMES' => 'Sorry, your browser does not support frames.',
'RETURN_TO' => 'Return to ...',
diff --git a/phpBB/language/en/lang_main.php b/phpBB/language/en/lang_main.php
index 77422c0ca5..e0bb5b76b4 100644
--- a/phpBB/language/en/lang_main.php
+++ b/phpBB/language/en/lang_main.php
@@ -156,33 +156,33 @@ $lang = array(
'You_new_pms' => 'New private messages are waiting for you in your Inbox',
'You_no_new_pm' => 'No new private messages are waiting for you',
- 'LEGEND' => 'Legend',
- 'RECORD_ONLINE_USERS' => 'Most users ever online was <b>%1$s</b> on %2$s',
- 'Registered_users' => 'Registered Users:',
- 'Browsing_forum_guest' => 'Users browsing this forum: %1$s and %2$d guest',
- 'Browsing_forum_guests' => 'Users browsing this forum: %1$s and %2$d guests',
- 'Online_users_zero_total' => 'In total there are <b>0</b> users online :: ',
- 'Online_users_total' => 'In total there are <b>%d</b> users online :: ',
- 'Online_user_total' => 'In total there is <b>%d</b> user online :: ',
- 'Reg_users_zero_total' => '0 Registered, ',
- 'Reg_users_total' => '%d Registered, ',
- 'Reg_user_total' => '%d Registered, ',
- 'Hidden_users_zero_total' => '0 Hidden and ',
- 'Hidden_user_total' => '%d Hidden and ',
- 'Hidden_users_total' => '%d Hidden and ',
- 'Guest_users_zero_total' => '0 Guests',
- 'Guest_users_total' => '%d Guests',
- 'Guest_user_total' => '%d Guest',
- 'Posted_articles_zero_total' => 'Our users have posted a total of <b>0</b> article',
- 'Posted_articles_total' => 'Our users have posted a total of <b>%d</b> articles',
- 'Posted_article_total' => 'Our users have posted a total of <b>%d</b> article',
- 'Posted_topics_zero_total' => 'Our users have posted a total of <b>0</b> topic',
- 'Posted_topics_total' => 'Our users have posted a total of <b>%d</b> topics',
- 'Posted_topic_total' => 'Our users have posted a total of <b>%d</b> topic',
- 'Registered_users_zero_total' => 'We have <b>0</b> registered users',
- 'Registered_users_total' => 'We have <b>%d</b> registered users',
- 'Registered_user_total' => 'We have <b>%d</b> registered user',
- 'Newest_user' => 'The newest registered user is <b>%s%s%s</b>',
+ 'LEGEND' => 'Legend',
+ 'RECORD_ONLINE_USERS' => 'Most users ever online was <b>%1$s</b> on %2$s',
+ 'Registered_users' => 'Registered Users:',
+ 'Browsing_forum_guest' => 'Users browsing this forum: %1$s and %2$d guest',
+ 'Browsing_forum_guests' => 'Users browsing this forum: %1$s and %2$d guests',
+ 'Online_users_zero_total' => 'In total there are <b>0</b> users online :: ',
+ 'Online_users_total' => 'In total there are <b>%d</b> users online :: ',
+ 'Online_user_total' => 'In total there is <b>%d</b> user online :: ',
+ 'Reg_users_zero_total' => '0 Registered, ',
+ 'Reg_users_total' => '%d Registered, ',
+ 'Reg_user_total' => '%d Registered, ',
+ 'Hidden_users_zero_total' => '0 Hidden and ',
+ 'Hidden_user_total' => '%d Hidden and ',
+ 'Hidden_users_total' => '%d Hidden and ',
+ 'Guest_users_zero_total'=> '0 Guests',
+ 'Guest_users_total' => '%d Guests',
+ 'Guest_user_total' => '%d Guest',
+ 'Posted_articles_zero_total'=> 'Our users have posted a total of <b>0</b> article',
+ 'Posted_articles_total' => 'Our users have posted a total of <b>%d</b> articles',
+ 'Posted_article_total' => 'Our users have posted a total of <b>%d</b> article',
+ 'Posted_topics_zero_total' => 'Our users have posted a total of <b>0</b> topic',
+ 'Posted_topics_total' => 'Our users have posted a total of <b>%d</b> topics',
+ 'Posted_topic_total' => 'Our users have posted a total of <b>%d</b> topic',
+ 'Registered_users_zero_total' => 'We have <b>0</b> registered users',
+ 'Registered_users_total' => 'We have <b>%d</b> registered users',
+ 'Registered_user_total' => 'We have <b>%d</b> registered user',
+ 'Newest_user' => 'The newest registered user is <b>%s%s%s</b>',
'No_new_posts_last_visit' => 'No new posts since your last visit',
@@ -201,6 +201,11 @@ $lang = array(
'POST_TOPIC_LOCKED' => 'Topic is locked',
+ 'FOUND_USERS_TOTAL' => '%s Users',
+ 'FOUND_TOPIC_TOTAL' => '%s Topics',
+ 'FOUND_POSTS_TOTAL' => '%s Posts',
+
+
'LOGIN' => 'Login',
'TERMS_USE' => 'Terms of Use',
'PRIVACY' => 'Privacy Policy',
@@ -258,50 +263,52 @@ $lang = array(
'NO_POST' => 'The requested post does not exist.',
'NO_USER' => 'The requested user does not exist.',
- 'Stop_watching_forum' => 'Stop watching this forum',
- 'Start_watching_forum' => 'Watch this forum for new posts',
- 'No_longer_watching_forum' => 'You are no longer watching this forum',
- 'You_are_watching_forum' => 'You are now watching this forum',
- 'View_topic' => 'View topic',
+ 'LOGIN_VIEWFORUM' => 'The board administrator requires you to be registered and logged in to view this forum.',
+ 'STOP_WATCHING_FORUM' => 'Stop watching this forum',
+ 'START_WATCHING_FORUM' => 'Watch this forum for new posts',
+ 'NOT_WATCHING_FORUM' => 'You are no longer watching this forum',
+ 'ARE_WATCHING_FORUM' => 'You are now watching this forum',
+
- 'POST_SUBJECT' => 'Post subject',
+ 'VIEW_TOPIC' => 'View topic',
+ 'LOGIN_VIEWTOPIC' => 'The board administrator requires you to be registered and logged in to view this topic.',
+ 'PRINT_TOPIC' => 'Printable version',
+ 'VIEW_NEXT_TOPIC' => 'View next topic',
+ 'VIEW_PREVIOUS_TOPIC' => 'View previous topic',
- 'PRINT_TOPIC' => 'Printable version',
- 'VIEW_NEXT_TOPIC' => 'View next topic',
- 'VIEW_PREVIOUS_TOPIC' => 'View previous topic',
'NO_NEWER_TOPICS' => 'There are no newer topics in this forum',
'NO_OLDER_TOPICS' => 'There are no older topics in this forum',
'POST_IGNORE' => 'This post was made by <b>%1$s</b> who is on your ignore list. To display this post click %sHERE%s.',
'POST_BELOW_KARMA' => 'This post was made by <b>%1$s</b> whose karma rating of <b>%2$d</b> is below your desired minimum. To display this post click %3$sHERE%4$s.',
'POST_ENCODING' => 'This post by <b>%1$s</b> was made in a character set different to yours. To view this post in its proper encoding click %2$sHERE%3$s.',
- 'DISPLAY_POSTS' => 'Display posts from previous',
- 'ALL_POSTS' => 'All Posts',
-
- 'BACK_TO_TOP' => 'Back to top',
- 'READ_PROFILE' => 'Profile',
- 'SEND_EMAIL' => 'Email',
- 'VISIT_WEBSITE' => 'WWW',
- 'ICQ_STATUS' => 'ICQ Status',
- 'EDIT_POST' => 'Edit',
- 'VIEW_IP' => 'IP',
- 'DELETE_POST' => 'Delete',
- 'DELETE_POST_WARN' => 'Once deleted the post cannot be recovered',
- 'REPORT_TO_ADMIN' => 'Report this post',
-
- 'POST_BEEN_REPORTED' => 'This post has been reported',
- 'POST_NOT_BEEN_APPROVED' => 'This post has not been approved',
- 'TOPIC_BEEN_REPORTED' => 'This topic has been reported',
- 'TOPIC_NOT_BEEN_APPROVED' => 'This topic has not been approved',
-
- 'APPROVE_POST' => 'Approve this post',
- 'READ_REPORTS' => 'Read post reports',
-
- 'wrote' => 'wrote',
- 'Quote' => 'Quote',
- 'Code' => 'Code',
- 'EDITED_TIME_TOTAL' => 'Last edited by %1$s on %2$s, edited %3$d time in total',
- 'EDITED_TIMES_TOTAL' => 'Last edited by %1$s on %2$s, edited %3$d times in total',
+ 'DISPLAY_POSTS' => 'Display posts from previous',
+ 'ALL_POSTS' => 'All Posts',
+
+ 'BACK_TO_TOP' => 'Back to top',
+ 'POST_SUBJECT' => 'Post subject',
+ 'READ_PROFILE' => 'Profile',
+ 'SEND_EMAIL' => 'Email',
+ 'VISIT_WEBSITE' => 'WWW',
+ 'ICQ_STATUS' => 'ICQ Status',
+ 'EDIT_POST' => 'Edit',
+ 'VIEW_IP' => 'IP',
+ 'DELETE_POST' => 'Delete',
+ 'DELETE_POST_WARN' => 'Once deleted the post cannot be recovered',
+ 'REPORT_TO_ADMIN' => 'Report this post',
+ 'EDITED_TIME_TOTAL' => 'Last edited by %1$s on %2$s, edited %3$d time in total',
+ 'EDITED_TIMES_TOTAL' => 'Last edited by %1$s on %2$s, edited %3$d times in total',
+
+ 'POST_BEEN_REPORTED' => 'This post has been reported',
+ 'POST_NOT_BEEN_APPROVED' => 'This post has not been approved',
+ 'TOPIC_BEEN_REPORTED' => 'This topic has been reported',
+ 'TOPIC_NOT_BEEN_APPROVED' => 'This topic has not been approved',
+ 'APPROVE_POST' => 'Approve this post',
+ 'READ_REPORTS' => 'Read post reports',
+
+ 'WROTE' => 'wrote',
+ 'QUOTE' => 'Quote',
+ 'CODE' => 'Code',
'QUICK_MOD' => 'Quick-mod tools',
'LOCK_TOPIC' => 'Lock topic',
@@ -312,12 +319,12 @@ $lang = array(
'MERGE_TOPIC' => 'Merge topic',
'CHANGE_TOPIC_TYPE' => 'Change topic type to: ',
- 'Stop_watching_topic' => 'Stop watching this topic',
- 'Start_watching_topic' => 'Watch this topic for replies',
- 'No_longer_watching_topic' => 'You are no longer watching this topic',
- 'You_are_watching_topic' => 'You are now watching this topic',
+ 'STOP_WATCHING_TOPIC' => 'Stop watching this topic',
+ 'START_WATCHING_TOPIC' => 'Watch this topic for replies',
+ 'NOT_WATCHING_TOPIC' => 'You are no longer watching this topic',
+ 'NOW_WATCHING_TOPIC' => 'You are now watching this topic',
- 'Total_votes' => 'Total Votes',
+ 'TOTAL_VOTES' => 'Total Votes',
'VIEW_RESULTS' => 'View Results',
@@ -624,6 +631,7 @@ $lang = array(
'NO_MEMBERS' => 'No members found for this search criteria',
'SEND_MESSAGE' => 'Message',
'POST_IP' => 'Posted from IP/domain',
+ 'LAST_ACTIVE' => 'Last active',
'SELECT_SORT_METHOD'=> 'Select sort method',
'SORT' => 'Sort',
'ORDER' => 'Order',
@@ -735,7 +743,7 @@ $lang = array(
'Search_author' => 'Search for Author',
'Search_author_explain' => 'Use * as a wildcard for partial matches',
'Last_active' => 'Last active',
- 'Select_marked' => 'Select Marked',
+ 'SELECT_MARKED' => 'Select Marked',
'Search_for_any' => 'Search for any terms or use query as entered',
'Search_for_all' => 'Search for all terms',
'Search_title_msg' => 'Search topic title and message text',
diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php
index ebe0557e39..e7a7c4abed 100644
--- a/phpBB/memberlist.php
+++ b/phpBB/memberlist.php
@@ -28,45 +28,43 @@ include($phpbb_root_path . 'common.'.$phpEx);
$user->start();
$user->setup();
$auth->acl($user->data);
-// End session management
-
-
// Grab data
-$mode = (isset($_REQUEST['mode'])) ? $_REQUEST['mode'] : '';
+$mode = (isset($_REQUEST['mode'])) ? htmlspecialchars($_REQUEST['mode']) : '';
$user_id = (isset($_GET['u'])) ? intval($_GET['u']) : ANONYMOUS;
// Can this user view profiles/memberslist?
if (!$auth->acl_gets('u_viewprofile', 'a_'))
{
- if ($user->data['user_id'] == ANONYMOUS)
+ if ($user->data['user_id'] != ANONYMOUS)
{
- redirect("login.$phpEx$SID&redirect=memberlist&mode=$mode&u=$user_id");
+ trigger_error($user->lang['NO_VIEW_USERS']);
}
- trigger_error($user->lang['NO_VIEW_USERS']);
+
+ login_box(preg_replace('#.*?([a-z]+?\.' . $phpEx . '.*?)$#i', '\1', htmlspecialchars($_SERVER['REQUEST_URI'])));
}
$start = (isset($_GET['start'])) ? intval($_GET['start']) : 0;
-$form = (!empty($_GET['form'])) ? $_GET['form'] : 0;
-$field = (isset($_GET['field'])) ? $_GET['field'] : 'username';
+$form = (!empty($_GET['form'])) ? htmlspecialchars($_GET['form']) : 0;
+$field = (isset($_GET['field'])) ? htmlspecialchars($_GET['field']) : 'username';
$sort_key = (!empty($_REQUEST['sk'])) ? htmlspecialchars($_REQUEST['sk']) : 'c';
$sort_dir = (!empty($_REQUEST['sd'])) ? htmlspecialchars($_REQUEST['sd']) : 'a';
-$username = (!empty($_REQUEST['username'])) ? trim($_REQUEST['username']) : '';
-$email = (!empty($_REQUEST['email'])) ? trim($_REQUEST['email']) : '';
-$icq = (!empty($_REQUEST['icq'])) ? intval($_REQUEST['icq']) : '';
-$aim = (!empty($_REQUEST['aim'])) ? trim($_REQUEST['aim']) : '';
-$yahoo = (!empty($_REQUEST['yahoo'])) ? trim($_REQUEST['yahoo']) : '';
-$msn = (!empty($_REQUEST['msn'])) ? trim($_REQUEST['msn']) : '';
-
-$joined_select = (!empty($_REQUEST['joined_select'])) ? $_REQUEST['joined_select'] : 'lt';
-$active_select = (!empty($_REQUEST['active_select'])) ? $_REQUEST['active_select'] : 'lt';
-$count_select = (!empty($_REQUEST['count_select'])) ? $_REQUEST['count_select'] : 'eq';
-$joined = (!empty($_REQUEST['joined'])) ? explode('-', trim($_REQUEST['joined'])) : array();
-$active = (!empty($_REQUEST['active'])) ? explode('-', trim($_REQUEST['active'])) : array();
+$username = (!empty($_REQUEST['username'])) ? trim(htmlspecialchars($_REQUEST['username'])) : '';
+$email = (!empty($_REQUEST['email'])) ? trim(htmlspecialchars($_REQUEST['email'])) : '';
+$icq = (!empty($_REQUEST['icq'])) ? intval(htmlspecialchars($_REQUEST['icq'])) : '';
+$aim = (!empty($_REQUEST['aim'])) ? trim(htmlspecialchars($_REQUEST['aim'])) : '';
+$yahoo = (!empty($_REQUEST['yahoo'])) ? trim(htmlspecialchars($_REQUEST['yahoo'])) : '';
+$msn = (!empty($_REQUEST['msn'])) ? trim(htmlspecialchars($_REQUEST['msn'])) : '';
+
+$joined_select = (!empty($_REQUEST['joined_select'])) ? htmlspecialchars($_REQUEST['joined_select']) : 'lt';
+$active_select = (!empty($_REQUEST['active_select'])) ? htmlspecialchars($_REQUEST['active_select']) : 'lt';
+$count_select = (!empty($_REQUEST['count_select'])) ? htmlspecialchars($_REQUEST['count_select']) : 'eq';
+$joined = (!empty($_REQUEST['joined'])) ? explode('-', trim(htmlspecialchars($_REQUEST['joined']))) : array();
+$active = (!empty($_REQUEST['active'])) ? explode('-', trim(htmlspecialchars($_REQUEST['active']))) : array();
$count = (!empty($_REQUEST['count'])) ? intval($_REQUEST['count']) : '';
-$ipdomain = (!empty($_REQUEST['ip'])) ? trim($_REQUEST['ip']) : '';
+$ipdomain = (!empty($_REQUEST['ip'])) ? trim(htmlspecialchars($_REQUEST['ip'])) : '';
// Grab rank information for later
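Review bot: Lines 403–417 run every search field through `htmlspecialchars` at the point of input, but these values feed the `$where_sql` that a later hunk in this file interpolates into the `SELECT ... FROM USERS_TABLE` query; HTML escaping does not neutralise SQL metacharacters, so the query still depends on whatever escaping builds `$where_sql` outside this hunk, which should use the DB layer's string escaping, with `htmlspecialchars` applied only where the values are echoed back (the `USERNAME`/`EMAIL` template vars). Escaping at input also means `$username` carries entities such as `&amp;` rather than the characters the user typed, so a search for a name containing `&` will likely not match. `intval(htmlspecialchars($_REQUEST['icq']))` on line 405 is redundant; `intval($_REQUEST['icq'])` yields the same integer. The `login_box(preg_replace(...))` call on line 382 duplicates the expression in functions.php and shares its unquoted `$phpEx` and default-flag `htmlspecialchars` caveats.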
$sql = "SELECT *
@@ -81,9 +79,13 @@ while ($row = $db->sql_fetchrow($result))
}
$db->sql_freeresult($result);
-
+// What do you want to do today? ... oops, I think that line is taken ...
switch ($mode)
{
+ case 'leaders':
+ // Display a listing of board admins, moderators
+ break;
+
case 'viewprofile':
// Display a profile
$page_title = sprintf($user->lang['VIEWING_PROFILE'], $row['username']);
@@ -145,6 +147,7 @@ switch ($mode)
$active_t_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
+ // We left join on the session table to see if the user is currently online
$sql = "SELECT username, user_id, user_viewemail, user_posts, user_regdate, user_rank, user_from, user_occ, user_interests, user_website, user_email, user_icq, user_aim, user_yim, user_msnm, user_avatar, user_avatar_type, user_allowavatar, user_lastvisit, MAX(session_time) AS session_time
FROM " . USERS_TABLE . "
LEFT JOIN " . SESSIONS_TABLE . " ON session_user_id = user_id
@@ -219,7 +222,7 @@ switch ($mode)
trigger_error($user->lang['NO_USER']);
}
- if (empty($config['board_email_form']) || empty($config['email_enable']) || !$auth->acl_gets('u_sendemail', 'a_'))
+ if (empty($config['board_email_form']) || empty($config['email_enable']) || !$auth->acl_gets('u_sendemail', 'a_user'))
{
trigger_error($user->lang['NO_EMAIL']);
}
@@ -237,7 +240,7 @@ switch ($mode)
}
// Can we send email to this user?
- if (empty($row['user_viewemail']) && !$auth->acl_get('a_'))
+ if (empty($row['user_viewemail']) && !$auth->acl_get('a_user'))
{
trigger_error($user->lang['NO_EMAIL']);
}
@@ -340,21 +343,19 @@ switch ($mode)
$sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
- $s_sort_key = '<select name="sk">';
+ $s_sort_key = '';
foreach ($sort_key_text as $key => $value)
{
$selected = ($sort_key == $key) ? ' selected="selected"' : '';
$s_sort_key .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
}
- $s_sort_key .= '</select>';
- $s_sort_dir = '<select name="sd">';
+ $s_sort_dir = '';
foreach ($sort_dir_text as $key => $value)
{
$selected = ($sort_dir == $key) ? ' selected="selected"' : '';
$s_sort_dir .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
}
- $s_sort_dir .= '</select>';
// Additional sorting options for user search
$where_sql = '';
@@ -440,11 +441,22 @@ switch ($mode)
$total_users = ($row = $db->sql_fetchrow($result)) ? $row['total_users'] : 0;
// Pagination string
- $pagination_url = ($mode == 'searchuser') ? "memberlist.$phpEx$SID&amp;mode=searchuser&amp;form=$form&amp;field=$field&amp;username=" . urlencode($username) . "&amp;email=" . urlencode($email) . "&amp;icq=$icq&amp;aim=" . urlencode($aim) . "&amp;yahoo=" . urlencode($yahoo) . "&amp;msn=" . urlencode($msn) . "&amp;joined=" . urlencode(implode('-', $joined)) . "&amp;active=" . urlencode(implode('-', $active)) . "&amp;count=$count&amp;ip=" . urlencode($ipdomain) . "&amp;sd=$sort_dir&amp;sk=$sort_key&amp;joined_select=$joined_select&amp;active_select=$active_select&amp;count_select=$count_select" : "memberlist.$phpEx$SID&amp;mode=$mode&amp;sk=$sort_key&amp;sd=$sort_dir";
+ $pagination_url = "memberlist.$phpEx$SID&amp;mode=$mode";
// Some search user specific data
if ($mode == 'searchuser')
{
+ // Build a relevant pagination_url
+ $global_var = (isset($_POST['submit'])) ? '_POST' : '_GET';
+ foreach ($$global_var as $key => $var)
+ {
+ if (in_array($key, array('submit', 'start', 'mode')) || $var == '')
+ {
+ continue;
+ }
+ $pagination_url .= '&amp;' . $key . '=' . urlencode($var);
+ }
+
$template->assign_vars(array(
'USERNAME' => $username,
'EMAIL' => $email,
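Review bot: The loop on lines 487–494 copies every key from `$_GET` or `$_POST` into `$pagination_url`, and only the value is `urlencode`d; the key is concatenated raw, so a parameter name containing `"` or `<` lands in the pagination links unescaped, and any parameter a client adds to the request is reflected into every link on the page. Limit the loop to the known search fields and encode both sides: `$pagination_url .= '&amp;' . urlencode($key) . '=' . urlencode($var);`. `urlencode($var)` also assumes a scalar; an array-valued parameter such as `field[]=` would raise a warning and should be skipped by adding `is_array($var)` to the `continue` condition. The variable-variable `$$global_var` is harder to follow than `$source = (isset($_POST['submit'])) ? $_POST : $_GET;` followed by `foreach ($source as ...)`.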
@@ -487,6 +499,7 @@ switch ($mode)
$sql = "SELECT username, user_id, user_viewemail, user_posts, user_regdate, user_rank, user_from, user_website, user_email, user_icq, user_aim, user_yim, user_msnm, user_avatar, user_avatar_type, user_allowavatar, user_lastvisit
FROM " . USERS_TABLE . "
WHERE user_id <> " . ANONYMOUS . "
+ $where_sql
ORDER BY $order_by
LIMIT $start, " . $config['topics_per_page'];
$result = $db->sql_query($sql);
@@ -514,7 +527,8 @@ switch ($mode)
// Generate page
$template->assign_vars(array(
'PAGINATION' => generate_pagination($pagination_url, $total_users, $config['topics_per_page'], $start),
- 'PAGE_NUMBER' => on_page($total_users, $config['topics_per_page'], $start),
+ 'PAGE_NUMBER' => on_page($total_users, $config['topics_per_page'], $start),
+ 'TOTAL_USERS' => sprintf($user->lang['FOUND_USERS_TOTAL'], $total_users),
'U_FIND_MEMBER' => "memberlist.$phpEx$SID&amp;mode=searchuser",
'U_SORT_USERNAME' => "memberlist.$phpEx$SID&amp;sk=a&amp;sd=" . (($sort_key == 'a' && $sort_dir == 'a') ? 'd' : 'a'),
diff --git a/phpBB/templates/subSilver/login_body.html b/phpBB/templates/subSilver/login_body.html
index f096fcdf6c..cf26571028 100644
--- a/phpBB/templates/subSilver/login_body.html
+++ b/phpBB/templates/subSilver/login_body.html
@@ -11,11 +11,18 @@
<tr>
<th height="25">{L_LOGIN}</th>
</tr>
+ <!-- IF LOGIN_EXPLAIN neq '' -->
<tr>
- <td class="row3" align="center"><span class="gensmall"><a href="{U_TERMS_USE}">{L_TERMS_USE}</a> &nbsp;<a href="{U_PRIVACY}">{L_PRIVACY}</a></span></td>
+ <td class="row3" align="center"><span class="gensmall">{LOGIN_EXPLAIN}</td>
</tr>
+ <!-- ENDIF -->
<tr>
<td class="row1" align="center"><table cellspacing="1" cellpadding="2" border="0">
+ <!-- IF LOGIN_ERROR neq '' -->
+ <tr>
+ <td class="gensmall" colspan="2" align="center"><span style="color:red">{LOGIN_ERROR}</span></td>
+ </tr>
+ <!-- ENDIF -->
<tr>
<td><b class="gensmall">{L_USERNAME}:</b></td>
<td><input class="post" type="text" name="username" size="25" maxlength="40" value="{USERNAME}" /><br /><a class="gensmall" href="{U_REGISTER}">{L_REGISTER}</a></td>
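Review bot: Line 527 opens `<span class="gensmall">` around `{LOGIN_EXPLAIN}` but never closes it, whereas the replaced line had the matching `</span>` before `</td>`; the fix is `<td class="row3" align="center"><span class="gensmall">{LOGIN_EXPLAIN}</span></td>`. `{LOGIN_EXPLAIN}` and `{LOGIN_ERROR}` are inserted without escaping, which holds while `login_box` only passes language strings into them, but a short template comment saying so would stop request data being routed through them later.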
@@ -32,6 +39,9 @@
<td>&nbsp;</td>
<td><input type="checkbox" name="viewonline" /> <span class="gensmall">{L_HIDE_ME}</span></td>
</tr>
+ <tr>
+ <td colspan="2" align="center"><span class="gensmall"><a href="{U_TERMS_USE}">{L_TERMS_USE}</a> | <a href="{U_PRIVACY}">{L_PRIVACY}</a></span></td>
+ </tr>
</table></td>
</tr>
<tr>
diff --git a/phpBB/ucp.php b/phpBB/ucp.php
index 898b561f6f..e03818f12b 100755
--- a/phpBB/ucp.php
+++ b/phpBB/ucp.php
@@ -69,91 +69,103 @@ include($phpbb_root_path . 'common.'.$phpEx);
$user->start();
$user->setup();
$auth->acl($user->data);
-// End session management
// -----------------------
// Page specific functions
//
-if($_GET['mode'] || $_POST['mode'])
+if (!empty($_REQUEST['mode']))
{
- $mode = (!empty($_GET['mode'])) ? $_GET['mode'] : $_POST['mode'];
-
- if($mode == 'viewprofile')
- {
- include($phpbb_root_path . 'ucp/usercp_viewprofile.'.$phpEx);
- exit;
- }
- else if($mode == 'activate')
- {
- include($phpbb_root_path . 'ucp/usercp_activate.'.$phpEx);
- }
- else if($mode == 'register')
+ $mode = $_REQUEST['mode'];
+
+ switch ($mode)
{
- if($user->data['user_id'] != ANONYMOUS)
- {
- redirect("index.$phpEx$SID");
- }
- else
- {
+ case 'activate':
+ include($phpbb_root_path . 'ucp/usercp_activate.'.$phpEx);
+ break;
+
+ case 'register':
+ if ($user->data['user_id'] != ANONYMOUS)
+ {
+ redirect("index.$phpEx$SID");
+ }
include($phpbb_root_path . 'ucp/usercp_register.'.$phpEx);
- exit;
- }
+ break;
+
+ case 'login':
+ if ($user->data['user_id'] != ANONYMOUS)
+ {
+ redirect("index.$phpEx$SID");
+ }
+
+ define('IN_LOGIN', true);
+ login_box("ucp.$phpEx$SID&amp;mode=login");
+ redirect("index.$phpEx$SID");
+ break;
+
+ case 'logout':
+ if ($user->data['user_id'] != ANONYMOUS)
+ {
+ $user->destroy();
+ }
+
+ redirect("index.$phpEx$SID");
+ break;
+
}
}
-// Database based module handing
-$selected_module = ($_GET['module_id']) ? $_GET['module_id'] : $_POST['module_id'];
-$sql = "SELECT module_id, module_name, module_filename FROM " . UCP_MODULES_TABLE . " ORDER BY module_order";
-$result = $db->sql_query($sql);
+// Some basic template vars
+$template->assign_vars(array(
+ 'UCP_WELCOME_MSG' => $user->lang['UCP_WELCOME_MESSAGE'])
+);
-$rowset = $db->sql_fetchrowset($result);
-// Default UCP link
-$template->assign_block_vars('ucp_sections', array('U_SECTION' => "ucp.$phpEx$SID",
- 'SECTION' => $user->lang['UCP_Main']));
-
-foreach($rowset as $section)
+// Word censors $censors['match'] & $censors['replace']
+$censors = array();
+obtain_word_list($censors);
+
+
+// "Home" module
+$template->assign_block_vars('ucp_sections', array(
+ 'U_SECTION' => "ucp.$phpEx$SID",
+ 'SECTION' => $user->lang['UCP_Main'])
+);
+
+// Grab the other enabled UCP modules
+$selected_module = (!empty($_REQUEST['module_id'])) ? $_REQUEST['module_id'] : '';
+$sql = "SELECT module_id, module_name, module_filename
+ FROM " . UCP_MODULES_TABLE . "
+ ORDER BY module_order";
+$result = $db->sql_query($sql);
+
+while ($row = $db->sql_fetchrow($result))
{
- $template->assign_block_vars('ucp_sections', array('U_SECTION' => "ucp.$phpEx$SID&amp;module_id=" . $section['module_id'] ,
- 'SECTION' => $section['module_name']));
+ $template->assign_block_vars('ucp_sections', array(
+ 'U_SECTION' => "ucp.$phpEx$SID&amp;module_id=" . $row['module_id'],
+ 'SECTION' => $row['module_name'])
+ );
- if($section['module_id'] == $selected_module)
+ if ($row['module_id'] == $selected_module)
{
- $module_to_include = $section['module_filename'] . "." . $phpEx;
+ $module_to_include = $row['module_filename'] . '.' . $phpEx;
include($phpbb_root_path . $module_to_include);
}
}
+$db->sql_freeresult($result);
-
-
-$page_title = $user->lang['User_control_panel'] . ' - ' . $this_section;
-include($phpbb_root_path . 'includes/page_header.'.$phpEx);
-
-// Setup word censor
-$orig_word = array();
-$replacement_word = array();
-obtain_word_list($orig_word, $replacement_word);
-
-$template->assign_vars(array('L_SUBSCRIBED_TOPICS' => $user->lang['SUBSCRIBED_TOPICS'],
- 'L_SUBSCRIBED_FORUMS' => $user->lang['SUBSCRIBED_FORUMS'],
- 'L_WELCOME_USERCP' => $user->lang['WELCOME_USERCP'],
- 'UCP_WELCOME_MSG' => $user->lang['UCP_WELCOME_MESSAGE'],
- 'L_ONLINE_BUDDIES' => $user->lang['ONLINE_BUDDIES'],
- 'L_UNREAD_PM' => $user->lang['UNREAD_PM']));
-
-//
// Subscribed Topics
-//
-$sql = "SELECT tw.topic_id, t.topic_title, t.topic_last_post_time, t.poll_start, t.topic_replies, t.topic_type, t.forum_id FROM " . TOPICS_TABLE . " t, " . TOPICS_WATCH_TABLE . " tw
- WHERE t.topic_id = tw.topic_id AND tw.user_id = " . $user->data['user_id'] . " ORDER BY t.topic_last_post_time DESC";
-
+$sql = "SELECT tw.topic_id, t.topic_title, t.topic_last_post_time, t.poll_start, t.topic_replies, t.topic_type, t.forum_id
+ FROM " . TOPICS_TABLE . " t, " . TOPICS_WATCH_TABLE . " tw
+ WHERE t.topic_id = tw.topic_id
+ AND tw.user_id = " . $user->data['user_id'] . "
+ ORDER BY t.topic_last_post_time DESC";
$result = $db->sql_query($sql);
$topic_count = 0;
-while($row = $db->sql_fetchrow($result))
+while ($row = $db->sql_fetchrow($result))
{
$replies = $row['topic_replies'];
$topic_id = $row['topic_id'];
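Review bot: The `logout` case on lines 612–619 destroys the session on any request carrying `mode=logout`, and page_header.php in this commit links to it as a plain anchor, so any page a logged-in user visits can end the session by loading that URL; since the link already carries `$SID`, the handler should compare the `sid` in the request with the current session's id before calling `$user->destroy()` and treat a mismatch as a plain redirect. Line 664 compares the request string `$selected_module` with `$row['module_id']` using `==`; casting on line 649, `$selected_module = (!empty($_REQUEST['module_id'])) ? intval($_REQUEST['module_id']) : 0;`, makes the match numeric instead of relying on PHP's loose string/number comparison. The `login` case calls `login_box` and then `redirect` unconditionally, which only works if page_tail.php ends the request when the form is rendered; `if (login_box("ucp.$phpEx$SID&amp;mode=login") === true)` in front of the redirect would make that intent explicit. `IN_LOGIN` is defined on line 607 but nothing in this hunk reads it.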
@@ -165,16 +177,19 @@ while($row = $db->sql_fetchrow($result))
$topic_type = $user->lang['Topic_Announcement'] . ' ';
$folder = 'folder_announce';
$folder_new = 'folder_announce_new';
- break;
+ break;
+
case POST_STICKY:
$topic_type = $user->lang['Topic_Sticky'] . ' ';
$folder = 'folder_sticky';
$folder_new = 'folder_sticky_new';
- break;
+ break;
+
case ITEM_LOCKED:
$folder = 'folder_locked';
$folder_new = 'folder_locked_new';
- break;
+ break;
+
default:
if ($replies >= intval($config['hot_threshold']))
{
@@ -186,7 +201,7 @@ while($row = $db->sql_fetchrow($result))
$folder = 'folder';
$folder_new = 'folder_new';
}
- break;
+ break;
}
$unread_topic = false;
@@ -200,34 +215,34 @@ while($row = $db->sql_fetchrow($result))
$folder_alt = ($unread_topic) ? 'New_posts' : (($row['topic_status'] == ITEM_LOCKED) ? 'Topic_locked' : 'No_new_posts');
$view_topic_url = 'viewtopic.' . $phpEx . $SID . '&amp;f=' . $forum_id . '&amp;t=' . $topic_id;
+
+ // Needs to be handled within this code rather than going out of UCP
$unsubscribe_img = '<a href="viewtopic.' . $phpEx . $SID . '&amp;t=' . $topic_id . '&amp;unwatch=topic">' . $user->img('icon_delete', 'Stop_watching_topic', FALSE) . '</a>';
- $template->assign_block_vars('subscribed_topics', array('TOPIC_FOLDER_IMG' => $user->img($folder_img, $folder_alt),
- 'NEWEST_POST_IMG' => $newest_post_img,
- 'TOPIC_TITLE' => (count($orig_word)) ? preg_replace($orig_word, $replacement_word, $row['topic_title']) : $row['topic_title'],
- 'UNSUBSCRIBE_IMG' => $unsubscribe_img,
+ $template->assign_block_vars('subscribed_topics', array(
+ 'TOPIC_FOLDER_IMG' => $user->img($folder_img, $folder_alt),
+ 'NEWEST_POST_IMG' => $newest_post_img,
+ 'UNSUBSCRIBE_IMG' => $unsubscribe_img,
+
+ 'TOPIC_TITLE' => (!empty($censors)) ? preg_replace($censors['match'], $censors['replace'], $row['topic_title']) : $row['topic_title'],
- 'U_TOPIC' => $view_topic_url)
+ 'U_TOPIC' => $view_topic_url)
);
}
$db->sql_freeresult($result);
-
-//
// End Subscribed Topics
-//
-//
// Subscribed Forums
-//
-$sql = "SELECT f.forum_id, f.forum_last_post_time, f.forum_last_post_id, f.left_id, f.right_id, f.forum_status, f.forum_name, f.forum_desc FROM " . FORUMS_TABLE . " f, " . FORUMS_WATCH_TABLE . " fw
- WHERE f.forum_id = fw.forum_id AND fw.user_id = " . $user->data['user_id'] . " ORDER BY f.forum_last_post_time DESC";
-
+$sql = "SELECT f.forum_id, f.forum_last_post_time, f.forum_last_post_id, f.left_id, f.right_id, f.forum_status, f.forum_name, f.forum_desc
+ FROM " . FORUMS_TABLE . " f, " . FORUMS_WATCH_TABLE . " fw
+ WHERE f.forum_id = fw.forum_id
+ AND fw.user_id = " . $user->data['user_id'] . "
+ ORDER BY f.forum_last_post_time DESC";
$result = $db->sql_query($sql);
-while($row = $db->sql_fetchrow($result))
+while ($row = $db->sql_fetchrow($result))
{
-
$forum_id = $row['forum_id'];
$unread_topics = ($user->data['user_id'] && $row['forum_last_post_time'] > $user->data['user_lastvisit']) ? TRUE : FALSE;
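Review bot: `$censors` on the new TOPIC_TITLE line is not assigned anywhere in the visible ucp.php hunks, while the removed lines drop the in-file `obtain_word_list()` call and this commit also moves the `page_header` include to after these loops; if `$censors` is populated by that include, `!empty($censors)` is false here and titles are rendered uncensored without any error. An empty censor list is a legitimate state, so the guard should distinguish "not loaded" from "no words", e.g. `if (!isset($censors)) { trigger_error('censor list not loaded before subscribed topics'); }` before the loop, or at minimum a comment `// $censors must be populated before this loop; see include order at the end of the file`. The enclosing `while` loop starts in the previous hunk, outside this one.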
@@ -252,47 +267,41 @@ while($row = $db->sql_fetchrow($result))
}
$last_post = '<a href="viewtopic.' . $phpEx . $SID . '&amp;f=' . $row['forum_id'] . '&amp;p=' . $row['forum_last_post_id'] . '#' . $row['forum_last_post_id'] . '">' . $user->img('goto_post_latest', 'View_latest_post') . '</a>';
+
+ // Needs to be handled within this code rather than going out of UCP
$unsubscribe_img = '<a href="viewforum.' . $phpEx . $SID . '&amp;f=' . $forum_id . '&amp;unwatch=forum">' . $user->img('icon_delete', 'Stop_watching_forum', FALSE) . '</a>';
- $template->assign_block_vars('subscribed_forums', array('FORUM_FOLDER_IMG' => $user->img($folder_image, $folder_alt),
+ $template->assign_block_vars('subscribed_forums', array(
+ 'FORUM_FOLDER_IMG' => $user->img($folder_image, $folder_alt),
'NEWEST_FORUM_POST_IMG' => $last_post,
- 'FORUM_NAME' => $row['forum_name'],
- 'UNSUBSCRIBE_IMG' => $unsubscribe_img,
+ 'UNSUBSCRIBE_IMG' => $unsubscribe_img,
+
+ 'FORUM_NAME' => $row['forum_name'],
- 'U_FORUM' => 'viewforum.' . $phpEx . $SID . '&amp;f=' . $row['forum_id'])
+ 'U_FORUM' => 'viewforum.' . $phpEx . $SID . '&amp;f=' . $row['forum_id'])
);
}
-
-
-
-//
+$db->sql_freeresult($result);
// End Subscribed forums
-//
-
-//
-// Buddy List
-//
+// Buddy List
-//
// End Buddy List
-//
-//
// Private Messages
-//
-
-//
// End Private Messages
-//
+// Output the page
+$page_title = $user->lang['User_control_panel'] . ' - ' . $this_section;
+include($phpbb_root_path . 'includes/page_header.'.$phpEx);
+
$template->set_filenames(array(
- 'body' => 'usercp_main.html'
-));
+ 'body' => 'usercp_main.html')
+);
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php
index ddf47d078b..4b117c924b 100644
--- a/phpBB/viewforum.php
+++ b/phpBB/viewforum.php
@@ -103,12 +103,12 @@ $auth->acl($user->data, $forum_id);
// Permissions check
if (!$auth->acl_gets('f_read', 'm_', 'a_', $forum_id))
{
- if ($user->data['user_id'] == ANONYMOUS)
+ if ($user->data['user_id'] != ANONYMOUS)
{
- redirect("login.$phpEx$SID&redirect=viewforum.$phpEx&f=$forum_id" . ((isset($start)) ? "&start=$start" : ''));
+ trigger_error('SORRY_AUTH_READ');
}
- trigger_error('SORRY_AUTH_READ');
+ login_box(preg_replace('#.*?([a-z]+?\.' . $phpEx . '.*?)$#i', '\1', htmlspecialchars($_SERVER['REQUEST_URI'])), '', $user->lang['LOGIN_VIEWFORUM']);
}
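Review bot: The redirect target handed to `login_box()` on the last added line is cut out of `$_SERVER['REQUEST_URI']`, which is client-controlled, and the regex forwards everything after the first `<letters>.php` match including the entire query string, whereas the removed `redirect()` call rebuilt the target from only `f` and `start`. Unless `login_box()` validates that value itself (not visible here), keeping the allow-listed construction is safer, e.g. `login_box("viewforum.$phpEx$SID&f=$forum_id" . ((isset($start)) ? "&start=$start" : ''), '', $user->lang['LOGIN_VIEWFORUM']);` if its first argument is a script-relative URL as the adm/pagestart.php call suggests. Two smaller points on the same line: `$phpEx` is spliced into the pattern without `preg_quote()`, and `htmlspecialchars()` without `ENT_QUOTES` leaves single quotes unescaped, which matters if login_box places the value inside a single-quoted attribute. The viewtopic.php hunk below uses the same construction (it also reuses the `LOGIN_VIEWFORUM` message key, which looks copied from here), and `trigger_error('SORRY_AUTH_READ')` on the earlier added line passes the key while viewtopic.php passes `$user->lang['SORRY_AUTH_READ']`; one form should be picked.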
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index ea1b413003..e7db9dd029 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -173,14 +173,12 @@ extract($topic_data);
// Start auth check
if (!$auth->acl_gets('f_read', 'm_', 'a_', $forum_id))
{
- if ($user->data['user_id'] == ANONYMOUS)
+ if ($user->data['user_id'] != ANONYMOUS)
{
- $redirect = (isset($post_id)) ? "p=$post_id" : "t=$topic_id";
- $redirect .= (isset($start)) ? "&start=$start" : '';
- redirect('login.' . $phpEx . $SID . '&redirect=viewtopic.' . $phpEx . '&' . $redirect);
+ trigger_error($user->lang['SORRY_AUTH_READ']);
}
- trigger_error($user->lang['SORRY_AUTH_READ']);
+ login_box(preg_replace('#.*?([a-z]+?\.' . $phpEx . '.*?)$#i', '\1', htmlspecialchars($_SERVER['REQUEST_URI'])), '', $user->lang['LOGIN_VIEWFORUM']);
}