Diffstat (limited to 'phpBB/includes/ucp')
-rw-r--r--phpBB/includes/ucp/ucp_attachments.php1
-rw-r--r--phpBB/includes/ucp/ucp_auth_link.php5
-rw-r--r--phpBB/includes/ucp/ucp_login_link.php8
-rw-r--r--phpBB/includes/ucp/ucp_notifications.php38
-rw-r--r--phpBB/includes/ucp/ucp_pm.php24
-rw-r--r--phpBB/includes/ucp/ucp_pm_compose.php73
-rw-r--r--phpBB/includes/ucp/ucp_pm_options.php6
-rw-r--r--phpBB/includes/ucp/ucp_pm_viewfolder.php2
-rw-r--r--phpBB/includes/ucp/ucp_pm_viewmessage.php10
-rw-r--r--phpBB/includes/ucp/ucp_prefs.php28
-rw-r--r--phpBB/includes/ucp/ucp_profile.php9
-rw-r--r--phpBB/includes/ucp/ucp_register.php8
12 files changed, 158 insertions, 54 deletions
diff --git a/phpBB/includes/ucp/ucp_attachments.php b/phpBB/includes/ucp/ucp_attachments.php
index aab45339c5..42724209aa 100644
--- a/phpBB/includes/ucp/ucp_attachments.php
+++ b/phpBB/includes/ucp/ucp_attachments.php
@@ -182,6 +182,7 @@ class ucp_attachments
$template->assign_vars(array(
'TOTAL_ATTACHMENTS' => $num_attachments,
+ 'NUM_ATTACHMENTS' => $user->lang('NUM_ATTACHMENTS', $num_attachments),
'L_TITLE' => $user->lang['UCP_ATTACHMENTS'],
diff --git a/phpBB/includes/ucp/ucp_auth_link.php b/phpBB/includes/ucp/ucp_auth_link.php
index a595ce46c3..748f0fdec2 100644
--- a/phpBB/includes/ucp/ucp_auth_link.php
+++ b/phpBB/includes/ucp/ucp_auth_link.php
@@ -34,11 +34,12 @@ class ucp_auth_link
*/
public function main($id, $mode)
{
- global $config, $request, $template, $phpbb_container, $user;
+ global $request, $template, $phpbb_container, $user;
$error = array();
- $auth_provider = $phpbb_container->get('auth.provider.' . $config['auth_method']);
+ $provider_collection = $phpbb_container->get('auth.provider_collection');
+ $auth_provider = $provider_collection->get_provider();
// confirm that the auth provider supports this page
$provider_data = $auth_provider->get_auth_link_data();
diff --git a/phpBB/includes/ucp/ucp_login_link.php b/phpBB/includes/ucp/ucp_login_link.php
index 5ca5df00f7..bfe4804286 100644
--- a/phpBB/includes/ucp/ucp_login_link.php
+++ b/phpBB/includes/ucp/ucp_login_link.php
@@ -39,7 +39,7 @@ class ucp_login_link
*/
function main($id, $mode)
{
- global $config, $phpbb_container, $request, $template, $user;
+ global $phpbb_container, $request, $template, $user;
global $phpbb_root_path, $phpEx;
// Initialize necessary variables
@@ -57,8 +57,8 @@ class ucp_login_link
}
// Use the auth_provider requested even if different from configured
- $auth_provider = 'auth.provider.' . $request->variable('auth_provider', $config['auth_method']);
- $auth_provider = $phpbb_container->get($auth_provider);
+ $provider_collection = $phpbb_container->get('auth.provider_collection');
+ $auth_provider = $provider_collection->get_provider($request->variable('auth_provider', ''));
// Set the link_method to login_link
$data['link_method'] = 'login_link';
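Review bot: The provider name given to `get_provider()` is taken directly from the `auth_provider` request variable, so the client decides which auth provider handles the login further down in main(). The implementation of `get_provider()` is not visible here; it should resolve only providers that are registered and meant to be selectable, and fall back or fail for anything else. A comment above the call such as `// auth_provider is request-controlled; get_provider() must only return registered providers` would record that expectation. The same call is added in ucp_register.php before `login_link_has_necessary_data()` and deserves the same comment. main() continues outside this hunk.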
@@ -75,7 +75,7 @@ class ucp_login_link
{
if ($request->is_set_post('login'))
{
- $login_username = $request->variable('login_username', '', false, \phpbb\request\request_interface::POST);
+ $login_username = $request->variable('login_username', '', true, \phpbb\request\request_interface::POST);
$login_password = $request->untrimmed_variable('login_password', '', true, \phpbb\request\request_interface::POST);
$login_result = $auth_provider->login($login_username, $login_password);
diff --git a/phpBB/includes/ucp/ucp_notifications.php b/phpBB/includes/ucp/ucp_notifications.php
index 5691302b83..b0aeaba227 100644
--- a/phpBB/includes/ucp/ucp_notifications.php
+++ b/phpBB/includes/ucp/ucp_notifications.php
@@ -95,35 +95,25 @@ class ucp_notifications
case 'notification_list':
default:
// Mark all items read
- if ($request->variable('mark', '') == 'all' && (confirm_box(true) || check_link_hash($request->variable('token', ''), 'mark_all_notifications_read')))
+ if ($request->variable('mark', '') == 'all' && check_link_hash($request->variable('token', ''), 'mark_all_notifications_read'))
{
- if (confirm_box(true))
- {
- $phpbb_notifications->mark_notifications_read(false, false, $user->data['user_id'], $form_time);
-
- meta_refresh(3, $this->u_action);
- $message = $user->lang['NOTIFICATIONS_MARK_ALL_READ_SUCCESS'];
+ $phpbb_notifications->mark_notifications_read(false, false, $user->data['user_id'], $form_time);
- if ($request->is_ajax())
- {
- $json_response = new \phpbb\json_response();
- $json_response->send(array(
- 'MESSAGE_TITLE' => $user->lang['INFORMATION'],
- 'MESSAGE_TEXT' => $message,
- 'success' => true,
- ));
- }
- $message .= '<br /><br />' . $user->lang('RETURN_UCP', '<a href="' . $this->u_action . '">', '</a>');
+ meta_refresh(3, $this->u_action);
+ $message = $user->lang['NOTIFICATIONS_MARK_ALL_READ_SUCCESS'];
- trigger_error($message);
- }
- else
+ if ($request->is_ajax())
{
- confirm_box(false, 'NOTIFICATIONS_MARK_ALL_READ', build_hidden_fields(array(
- 'mark' => 'all',
- 'form_time' => $form_time,
- )));
+ $json_response = new \phpbb\json_response();
+ $json_response->send(array(
+ 'MESSAGE_TITLE' => $user->lang['INFORMATION'],
+ 'MESSAGE_TEXT' => $message,
+ 'success' => true,
+ ));
}
+ $message .= '<br /><br />' . $user->lang('RETURN_UCP', '<a href="' . $this->u_action . '">', '</a>');
+
+ trigger_error($message);
}
// Mark specific notifications read
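Review bot: With the `confirm_box()` path removed, a request that carries `mark=all` but a missing or stale `token` now drops through this block silently, and the state change depends only on query-string parameters. An explicit failure branch for the case "mark is set but the hash does not verify" would give the user feedback and make the check easier to audit; comparing with `=== 'all'` is also safer than `==`, since `variable('mark', '')` returns a string. The link hash travels in the URL, so it can end up in server logs and Referer headers. How `check_link_hash()` scopes the token is not shown here and is worth a short comment. The block added to ucp_pm.php for `mark_all_pms_read` has the same shape and the same silent fall-through.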
diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php
index 7a8c694870..425a56cf6c 100644
--- a/phpBB/includes/ucp/ucp_pm.php
+++ b/phpBB/includes/ucp/ucp_pm.php
@@ -45,7 +45,7 @@ class ucp_pm
function main($id, $mode)
{
- global $user, $template, $phpbb_root_path, $auth, $phpEx, $db, $config;
+ global $user, $template, $phpbb_root_path, $auth, $phpEx, $db, $config, $request;
if (!$user->data['is_registered'])
{
@@ -246,6 +246,27 @@ class ucp_pm
$folder_id = (int) $row['folder_id'];
}
+ if ($request->variable('mark', '') == 'all' && check_link_hash($request->variable('token', ''), 'mark_all_pms_read'))
+ {
+ mark_folder_read($user->data['user_id'], $folder_id);
+
+ meta_refresh(3, $this->u_action);
+ $message = $user->lang['PM_MARK_ALL_READ_SUCCESS'];
+
+ if ($request->is_ajax())
+ {
+ $json_response = new \phpbb\json_response();
+ $json_response->send(array(
+ 'MESSAGE_TITLE' => $user->lang['INFORMATION'],
+ 'MESSAGE_TEXT' => $message,
+ 'success' => true,
+ ));
+ }
+ $message .= '<br /><br />' . $user->lang('RETURN_UCP', '<a href="' . $this->u_action . '">', '</a>');
+
+ trigger_error($message);
+ }
+
$message_row = array();
if ($action == 'view_message' && $msg_id)
{
@@ -332,6 +353,7 @@ class ucp_pm
'U_SENTBOX' => $this->u_action . '&amp;folder=sentbox',
'U_CREATE_FOLDER' => $this->u_action . '&amp;mode=options',
'U_CURRENT_FOLDER' => $this->u_action . '&amp;folder=' . $folder_id,
+ 'U_MARK_ALL' => $this->u_action . '&amp;folder=' . $folder_id . '&amp;mark=all&amp;token=' . generate_link_hash('mark_all_pms_read'),
'S_IN_INBOX' => ($folder_id == PRIVMSGS_INBOX) ? true : false,
'S_IN_OUTBOX' => ($folder_id == PRIVMSGS_OUTBOX) ? true : false,
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php
index 01c2041f42..f3b59186a6 100644
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -27,8 +27,7 @@ function compose_pm($id, $mode, $action, $user_folders = array())
{
global $template, $db, $auth, $user, $cache;
global $phpbb_root_path, $phpEx, $config;
- global $request;
- global $phpbb_container;
+ global $request, $phpbb_dispatcher, $phpbb_container;
// Damn php and globals - i know, this is horrible
// Needed for handle_message_list_actions()
@@ -233,6 +232,42 @@ function compose_pm($id, $mode, $action, $user_folders = array())
if ($sql)
{
+ /**
+ * Alter sql query to get message for user to write the PM
+ *
+ * @event core.ucp_pm_compose_compose_pm_basic_info_query_before
+ * @var string sql String with the query to be executed
+ * @var array forum_list List of forums that contain the posts
+ * @var int visibility_const Integer with one of the possible ITEM_* constant values
+ * @var int msg_id topic_id in the page request
+ * @var int to_user_id The id of whom the message is to
+ * @var int to_group_id The id of the group whom the message is to
+ * @var bool submit Whether the user is sending the PM or not
+ * @var bool preview Whether the user is previewing the PM or not
+ * @var string action One of: post, reply, quote, forward, quotepost, edit, delete, smilies
+ * @var bool delete Whether the user is deleting the PM
+ * @var int reply_to_all Value of reply_to_all request variable.
+ * @var string limit_time_sql String with the SQL code to limit the time interval of the post (Note: May be empty string)
+ * @var string sort_order_sql String with the ORDER BY SQL code used in this query
+ * @since 3.1.0-RC5
+ */
+ $vars = array(
+ 'sql',
+ 'forum_list',
+ 'visibility_const',
+ 'msg_id',
+ 'to_user_id',
+ 'to_group_id',
+ 'submit',
+ 'preview',
+ 'action',
+ 'delete',
+ 'reply_to_all',
+ 'limit_time_sql',
+ 'sort_order_sql',
+ );
+ extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_compose_pm_basic_info_query_before', compact($vars)));
+
$result = $db->sql_query($sql);
$post = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
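Review bot: Four of the names passed to `compact()` (`forum_list`, `visibility_const`, `limit_time_sql` and `sort_order_sql`) are not assigned in any visible part of compose_pm(), and their docblock descriptions read as if carried over from another event. compose_pm()'s body extends outside this hunk, so this needs checking against the full function; if they are undefined here, drop them from both `$vars` and the docblock. Because `extract()` lets a listener replace `$sql` immediately before `$db->sql_query($sql)`, the docblock should also say so, e.g. `Listeners that modify sql must pass values through $db->sql_escape() or an (int) cast`. The `msg_id` description ("topic_id in the page request") is also confusing and should say what id it actually holds.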
@@ -267,6 +302,40 @@ function compose_pm($id, $mode, $action, $user_folders = array())
trigger_error('NOT_AUTHORISED');
}
+ /**
+ * Get the result of querying for the post to be quoted in the pm message
+ *
+ * @event core.ucp_pm_compose_quotepost_query_after
+ * @var string sql The original SQL used in the query
+ * @var array post Associative array with the data of the quoted post
+ * @var array msg_id The post_id that was searched to get the message for quoting
+ * @var int visibility_const Visibility of the quoted post (one of the possible ITEM_* constant values)
+ * @var int topic_id Topic ID of the quoted post
+ * @var int to_user_id Users the message is sent to
+ * @var int to_group_id Groups the message is sent to
+ * @var bool submit Whether the user is sending the PM or not
+ * @var bool preview Whether the user is previewing the PM or not
+ * @var string action One of: post, reply, quote, forward, quotepost, edit, delete, smilies
+ * @var bool delete If deleting message
+ * @var int reply_to_all Value of reply_to_all request variable.
+ * @since 3.1.0-RC5
+ */
+ $vars = array(
+ 'sql',
+ 'post',
+ 'msg_id',
+ 'visibility_const',
+ 'topic_id',
+ 'to_user_id',
+ 'to_group_id',
+ 'submit',
+ 'preview',
+ 'action',
+ 'delete',
+ 'reply_to_all',
+ );
+ extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_quotepost_query_after', compact($vars)));
+
// Passworded forum?
if ($post['forum_id'])
{
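Review bot: The docblock declares `@var array msg_id`, while the earlier event in this function documents the same variable as `int`; it should read `@var int msg_id The post_id that was searched to get the message for quoting`. `sql` appears to be handed to listeners after the query has already run, so changing it has no effect; adding `(read-only, the query has already been executed)` to its description would prevent misuse. The assignments of `topic_id` and `visibility_const` are not visible in this hunk and should be confirmed against the full function before they are exposed through `compact()`.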
diff --git a/phpBB/includes/ucp/ucp_pm_options.php b/phpBB/includes/ucp/ucp_pm_options.php
index 353bfdc7ec..d1fc9d2c62 100644
--- a/phpBB/includes/ucp/ucp_pm_options.php
+++ b/phpBB/includes/ucp/ucp_pm_options.php
@@ -32,7 +32,11 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
// Change "full folder" setting - what to do if folder is full
if (isset($_POST['fullfolder']))
{
- check_form_key('ucp_pm_options', $config['form_token_lifetime'], $redirect_url);
+ if (!check_form_key('ucp_pm_options'))
+ {
+ trigger_error('FORM_INVALID');
+ }
+
$full_action = request_var('full_action', 0);
$set_folder_id = 0;
diff --git a/phpBB/includes/ucp/ucp_pm_viewfolder.php b/phpBB/includes/ucp/ucp_pm_viewfolder.php
index 72921270f4..19acd9ecb9 100644
--- a/phpBB/includes/ucp/ucp_pm_viewfolder.php
+++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php
@@ -383,7 +383,7 @@ function view_folder($id, $mode, $folder_id, $folder)
break;
}
- header('Pragma: no-cache');
+ header('Cache-Control: private, no-cache');
header("Content-Type: $mimetype; name=\"data.$filetype\"");
header("Content-disposition: attachment; filename=data.$filetype");
echo $string;
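Review bot: `no-cache` forces revalidation but still allows the browser to write this private-message export to its disk cache. If it does not break the attachment download in the browsers the project supports, `header('Cache-Control: private, no-cache, no-store');` would keep the exported messages out of local caches. Either way, a one-line comment stating why `Pragma` was replaced would help the next reader, since the reason is not visible in the hunk. view_folder() continues outside this hunk.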
diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php
index d5a1dbae87..888c2e6825 100644
--- a/phpBB/includes/ucp/ucp_pm_viewmessage.php
+++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php
@@ -197,7 +197,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
$u_pm = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=compose&amp;u=' . $author_id);
}
- if ($user_info['user_jabber'] && $auth->acl_get('u_sendim'))
+ if ($config['jab_enable'] && $user_info['user_jabber'] && $auth->acl_get('u_sendim'))
{
$u_jabber = append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contact&amp;action=jabber&amp;u=' . $author_id);
}
@@ -213,6 +213,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
'AUTHOR_AVATAR' => (isset($user_info['avatar'])) ? $user_info['avatar'] : '',
'AUTHOR_JOINED' => $user->format_date($user_info['user_regdate']),
'AUTHOR_POSTS' => (int) $user_info['user_posts'],
+ 'U_AUTHOR_POSTS' => ($config['load_search'] && $auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id=$author_id&amp;sr=posts") : '',
'CONTACT_USER' => $user->lang('CONTACT_USER', get_username_string('username', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username'])),
'ONLINE_IMG' => (!$config['load_onlinetrack']) ? '' : ((isset($user_info['online']) && $user_info['online']) ? $user->img('icon_user_online', $user->lang['ONLINE']) : $user->img('icon_user_offline', $user->lang['OFFLINE'])),
@@ -403,12 +404,15 @@ function get_user_information($user_id, $user_row)
$user_row['avatar'] = ($user->optionget('viewavatars')) ? phpbb_get_user_avatar($user_row) : '';
- if (!function_exists('get_user_rank'))
+ if (!function_exists('phpbb_get_user_rank'))
{
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
}
- get_user_rank($user_row['user_rank'], $user_row['user_posts'], $user_row['rank_title'], $user_row['rank_image'], $user_row['rank_image_src']);
+ $user_rank_data = phpbb_get_user_rank($user_row, $user_row['user_posts']);
+ $user_row['rank_title'] = $user_rank_data['title'];
+ $user_row['rank_image'] = $user_rank_data['img'];
+ $user_row['rank_image_src'] = $user_rank_data['img_src'];
if ((!empty($user_row['user_allow_viewemail']) && $auth->acl_get('u_sendemail')) || $auth->acl_get('a_email'))
{
diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php
index b0a8e8d374..2195500b57 100644
--- a/phpBB/includes/ucp/ucp_prefs.php
+++ b/phpBB/includes/ucp/ucp_prefs.php
@@ -154,7 +154,7 @@ class ucp_prefs
}
$dateformat_options .= '>' . $user->lang['CUSTOM_DATEFORMAT'] . '</option>';
- $timezone_selects = phpbb_timezone_select($user, $data['tz'], true);
+ phpbb_timezone_select($template, $user, $data['tz'], true);
// check if there are any user-selectable languages
$sql = 'SELECT COUNT(lang_id) as languages_count
@@ -208,8 +208,6 @@ class ucp_prefs
'S_LANG_OPTIONS' => language_select($data['lang']),
'S_STYLE_OPTIONS' => ($config['override_user_style']) ? '' : style_select($data['user_style']),
- 'S_TZ_OPTIONS' => $timezone_selects['tz_select'],
- 'S_TZ_DATE_OPTIONS' => $timezone_selects['tz_dates'],
'S_CAN_HIDE_ONLINE' => ($auth->acl_get('u_hideonline')) ? true : false,
'S_SELECT_NOTIFY' => ($config['jab_enable'] && $user->data['user_jabber'] && @extension_loaded('xml')) ? true : false)
);
@@ -223,11 +221,11 @@ class ucp_prefs
$data = array(
'topic_sk' => request_var('topic_sk', (!empty($user->data['user_topic_sortby_type'])) ? $user->data['user_topic_sortby_type'] : 't'),
'topic_sd' => request_var('topic_sd', (!empty($user->data['user_topic_sortby_dir'])) ? $user->data['user_topic_sortby_dir'] : 'd'),
- 'topic_st' => request_var('topic_st', (!empty($user->data['user_topic_show_days'])) ? $user->data['user_topic_show_days'] : 0),
+ 'topic_st' => request_var('topic_st', (!empty($user->data['user_topic_show_days'])) ? (int) $user->data['user_topic_show_days'] : 0),
'post_sk' => request_var('post_sk', (!empty($user->data['user_post_sortby_type'])) ? $user->data['user_post_sortby_type'] : 't'),
'post_sd' => request_var('post_sd', (!empty($user->data['user_post_sortby_dir'])) ? $user->data['user_post_sortby_dir'] : 'a'),
- 'post_st' => request_var('post_st', (!empty($user->data['user_post_show_days'])) ? $user->data['user_post_show_days'] : 0),
+ 'post_st' => request_var('post_st', (!empty($user->data['user_post_show_days'])) ? (int) $user->data['user_post_show_days'] : 0),
'images' => request_var('images', (bool) $user->optionget('viewimg')),
'flash' => request_var('flash', (bool) $user->optionget('viewflash')),
@@ -254,10 +252,22 @@ class ucp_prefs
if ($submit)
{
$error = validate_data($data, array(
- 'topic_sk' => array('string', false, 1, 1),
- 'topic_sd' => array('string', false, 1, 1),
- 'post_sk' => array('string', false, 1, 1),
- 'post_sd' => array('string', false, 1, 1),
+ 'topic_sk' => array(
+ array('string', false, 1, 1),
+ array('match', false, '#(a|r|s|t|v)#'),
+ ),
+ 'topic_sd' => array(
+ array('string', false, 1, 1),
+ array('match', false, '#(a|d)#'),
+ ),
+ 'post_sk' => array(
+ array('string', false, 1, 1),
+ array('match', false, '#(a|s|t)#'),
+ ),
+ 'post_sd' => array(
+ array('string', false, 1, 1),
+ array('match', false, '#(a|d)#'),
+ ),
));
if (!check_form_key('ucp_prefs_view'))
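Review bot: The new `match` patterns are unanchored, so `#(a|d)#` accepts any string that merely contains one of the letters. They behave as a whitelist only because the preceding `string` rule pins the length to exactly 1. Anchoring makes each rule correct on its own, e.g. `array('match', false, '#^[arstv]$#')` for `topic_sk`, `'#^[ast]$#'` for `post_sk` and `'#^[ad]$#'` for the two direction fields. How validate_data() combines the two rules per key is not visible in this hunk.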
diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index 361dc831aa..a876d0133a 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -655,9 +655,14 @@ class ucp_profile
{
if (!empty($keys))
{
+ foreach ($keys as $key => $id)
+ {
+ $keys[$key] = $db->sql_like_expression($id . $db->get_any_char());
+ }
+ $sql_where = '(key_id ' . implode(' OR key_id ', $keys) . ')';
$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
WHERE user_id = ' . (int) $user->data['user_id'] . '
- AND ' . $db->sql_in_set('key_id', $keys) ;
+ AND ' . $sql_where ;
$db->sql_query($sql);
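Review bot: `!empty($keys)` checks only that the array is non-empty, so an empty or very short `$id` becomes a `LIKE` pattern consisting of little more than the any-char wildcard and matches every session key of the current user. Where `$keys` is read from the request is outside this hunk, but each entry should be checked against the expected prefix length and character set before the expression is built. Building the clauses in a separate array instead of overwriting `$keys` would also be cleaner. The prefix length is tied to the `substr($row['key_id'], 0, 8)` display in the next hunk, so a shared constant would keep the two in step. The value escaping relies on `sql_like_expression()`, which is not shown here.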
@@ -681,7 +686,7 @@ class ucp_profile
while ($row = $db->sql_fetchrow($result))
{
$template->assign_block_vars('sessions', array(
- 'KEY' => $row['key_id'],
+ 'KEY' => substr($row['key_id'], 0, 8),
'IP' => $row['last_ip'],
'LOGIN_TIME' => $user->format_date($row['last_login']),
));
diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php
index 06baf7e5f2..88078c10af 100644
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -87,8 +87,8 @@ class ucp_register
if (!empty($login_link_data))
{
// Confirm that we have all necessary data
- $auth_provider = 'auth.provider.' . $request->variable('auth_provider', $config['auth_method']);
- $auth_provider = $phpbb_container->get($auth_provider);
+ $provider_collection = $phpbb_container->get('auth.provider_collection');
+ $auth_provider = $provider_collection->get_provider($request->variable('auth_provider', ''));
$result = $auth_provider->login_link_has_necessary_data($login_link_data);
if ($result !== null)
@@ -452,7 +452,7 @@ class ucp_register
break;
}
- $timezone_selects = phpbb_timezone_select($user, $data['tz'], true);
+ $timezone_selects = phpbb_timezone_select($template, $user, $data['tz'], true);
$template->assign_vars(array(
'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '',
'USERNAME' => $data['username'],
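Review bot: The return value is still assigned to `$timezone_selects` here, but the next hunk removes the only visible uses (`S_TZ_OPTIONS` and `S_TZ_DATE_OPTIONS`). ucp_prefs.php makes the same call without keeping the result. Unless the variable is read elsewhere in main(), outside these hunks, the line should be `phpbb_timezone_select($template, $user, $data['tz'], true);` for consistency.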
@@ -465,8 +465,6 @@ class ucp_register
'L_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])),
'S_LANG_OPTIONS' => language_select($data['lang']),
- 'S_TZ_OPTIONS' => $timezone_selects['tz_select'],
- 'S_TZ_DATE_OPTIONS' => $timezone_selects['tz_dates'],
'S_TZ_PRESELECT' => !$submit,
'S_CONFIRM_REFRESH' => ($config['enable_confirm'] && $config['confirm_refresh']) ? true : false,
'S_REGISTRATION' => true,