Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_attachments.php228
-rw-r--r--phpBB/includes/acp/acp_board.php18
-rw-r--r--phpBB/includes/acp/acp_inactive.php2
-rw-r--r--phpBB/includes/acp/acp_logs.php4
-rw-r--r--phpBB/includes/acp/acp_main.php7
-rw-r--r--phpBB/includes/acp/acp_php_info.php8
-rw-r--r--phpBB/includes/acp/acp_profile.php6
-rw-r--r--phpBB/includes/acp/acp_send_statistics.php6
-rw-r--r--phpBB/includes/acp/acp_styles.php5
-rw-r--r--phpBB/includes/acp/acp_update.php7
-rw-r--r--phpBB/includes/acp/acp_users.php2
-rw-r--r--phpBB/includes/acp/info/acp_attachments.php3
-rw-r--r--phpBB/includes/auth.php10
-rw-r--r--phpBB/includes/auth/auth_db.php63
-rw-r--r--phpBB/includes/auth/auth_ldap.php2
-rw-r--r--phpBB/includes/bbcode.php7
-rwxr-xr-xphpBB/includes/cache/driver/redis.php14
-rw-r--r--phpBB/includes/cache/service.php1
-rw-r--r--phpBB/includes/captcha/captcha_gd.php2
-rw-r--r--phpBB/includes/captcha/plugins/phpbb_captcha_qa_plugin.php4
-rw-r--r--phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php13
-rw-r--r--phpBB/includes/constants.php1
-rw-r--r--phpBB/includes/cron/manager.php12
-rw-r--r--phpBB/includes/db/db_tools.php311
-rw-r--r--phpBB/includes/db/dbal.php12
-rw-r--r--phpBB/includes/db/firebird.php3
-rw-r--r--phpBB/includes/db/mssqlnative.php2
-rw-r--r--phpBB/includes/db/mysqli.php27
-rw-r--r--phpBB/includes/functions.php147
-rw-r--r--phpBB/includes/functions_acp.php10
-rw-r--r--phpBB/includes/functions_admin.php47
-rw-r--r--phpBB/includes/functions_content.php5
-rw-r--r--phpBB/includes/functions_display.php83
-rw-r--r--phpBB/includes/functions_download.php4
-rw-r--r--phpBB/includes/functions_posting.php106
-rw-r--r--phpBB/includes/functions_profile_fields.php14
-rw-r--r--phpBB/includes/mcp/mcp_logs.php4
-rw-r--r--phpBB/includes/mcp/mcp_notes.php2
-rw-r--r--phpBB/includes/message_parser.php11
-rw-r--r--phpBB/includes/session.php89
-rw-r--r--phpBB/includes/startup.php150
-rw-r--r--phpBB/includes/ucp/ucp_activate.php7
-rw-r--r--phpBB/includes/ucp/ucp_pm.php4
-rw-r--r--phpBB/includes/ucp/ucp_pm_compose.php31
-rw-r--r--phpBB/includes/ucp/ucp_pm_viewmessage.php43
45 files changed, 1351 insertions, 186 deletions
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php
index 3179be7de7..c62fefae46 100644
--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@@ -61,6 +61,10 @@ class acp_attachments
$l_title = 'ACP_ORPHAN_ATTACHMENTS';
break;
+ case 'manage':
+ $l_title = 'ACP_MANAGE_ATTACHMENTS';
+ break;
+
default:
trigger_error('NO_MODE', E_USER_ERROR);
break;
@@ -1043,6 +1047,230 @@ class acp_attachments
$db->sql_freeresult($result);
break;
+
+ case 'manage':
+
+ if ($submit)
+ {
+ $delete_files = (isset($_POST['delete'])) ? array_keys(request_var('delete', array('' => 0))) : array();
+
+ if (sizeof($delete_files))
+ {
+ // Select those attachments we want to delete...
+ $sql = 'SELECT real_filename
+ FROM ' . ATTACHMENTS_TABLE . '
+ WHERE ' . $db->sql_in_set('attach_id', $delete_files) . '
+ AND is_orphan = 0';
+ $result = $db->sql_query($sql);
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $deleted_filenames[] = $row['real_filename'];
+ }
+ $db->sql_freeresult($result);
+
+ if ($num_deleted = delete_attachments('attach', $delete_files))
+ {
+ if (sizeof($delete_files) != $num_deleted)
+ {
+ $error[] = $user->lang['FILES_GONE'];
+ }
+ add_log('admin', 'LOG_ATTACHMENTS_DELETED', implode(', ', $deleted_filenames));
+ $notify[] = sprintf($user->lang['LOG_ATTACHMENTS_DELETED'], implode(', ', $deleted_filenames));
+ }
+ else
+ {
+ $error[] = $user->lang['NO_FILES_TO_DELETE'];
+ }
+ }
+ }
+
+ $template->assign_vars(array(
+ 'S_MANAGE' => true)
+ );
+
+ $start = request_var('start', 0);
+
+ // Sort keys
+ $sort_days = request_var('st', 0);
+ $sort_key = request_var('sk', 't');
+ $sort_dir = request_var('sd', 'd');
+
+ // Sorting
+ $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
+ $sort_by_text = array('f' => $user->lang['FILENAME'], 't' => $user->lang['FILEDATE'], 's' => $user->lang['FILESIZE'], 'x' => $user->lang['EXTENSION'], 'd' => $user->lang['DOWNLOADS'],'p' => $user->lang['ATTACH_POST_TYPE'], 'u' => $user->lang['AUTHOR']);
+ $sort_by_sql = array('f' => 'a.real_filename', 't' => 'a.filetime', 's' => 'a.filesize', 'x' => 'a.extension', 'd' => 'a.download_count', 'p' => 'a.in_message', 'u' => 'u.username');
+
+ $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
+ gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
+
+ $min_filetime = ($sort_days) ? (time() - ($sort_days * 86400)) : '';
+ $limit_filetime = ($min_filetime) ? " AND a.filetime >= $min_filetime " : '';
+ $start = ($sort_days && isset($_POST['sort'])) ? 0 : $start;
+
+ $attachments_per_page = (int) $config['topics_per_page'];
+
+ // Handle files stats resync
+ $action = request_var('action', '');
+ $resync_files_stats = false;
+ if ($action && $action = 'stats')
+ {
+ if (!confirm_box(true))
+ {
+ confirm_box(false, $user->lang['RESYNC_FILES_STATS_CONFIRM'], build_hidden_fields(array(
+ 'i' => $id,
+ 'mode' => $mode,
+ 'action' => $action,
+ )));
+ }
+ else
+ {
+ $resync_files_stats = true;
+ add_log('admin', 'LOG_RESYNC_FILES_STATS');
+ }
+ }
+
+ // Check if files stats are accurate
+ $sql = 'SELECT COUNT(attach_id) as num_files
+ FROM ' . ATTACHMENTS_TABLE . '
+ WHERE is_orphan = 0';
+ $result = $db->sql_query($sql, 600);
+ $num_files_real = (int) $db->sql_fetchfield('num_files');
+ if ($resync_files_stats === true)
+ {
+ set_config('num_files', $num_files_real, true);
+ }
+ $db->sql_freeresult($result);
+
+ $sql = 'SELECT SUM(filesize) as upload_dir_size
+ FROM ' . ATTACHMENTS_TABLE . '
+ WHERE is_orphan = 0';
+ $result = $db->sql_query($sql, 600);
+ $total_size_real = (float) $db->sql_fetchfield('upload_dir_size');
+ if ($resync_files_stats === true)
+ {
+ set_config('upload_dir_size', $total_size_real, true);
+ }
+ $db->sql_freeresult($result);
+
+ // Get current files stats
+ $num_files = (int) $config['num_files'];
+ $total_size = (float) $config['upload_dir_size'];
+
+ // Issue warning message if files stats are inaccurate
+ if (($num_files != $num_files_real) || ($total_size != $total_size_real))
+ {
+ $error[] = sprintf($user->lang['FILES_STATS_WRONG'], $num_files_real, get_formatted_filesize($total_size_real));
+
+ $template->assign_vars(array(
+ 'S_ACTION_OPTIONS' => ($auth->acl_get('a_board')) ? true : false,
+ 'U_ACTION' => $this->u_action,)
+ );
+ }
+
+ // Make sure $start is set to the last page if it exceeds the amount
+ if ($start < 0 || $start > $num_files)
+ {
+ $start = ($start < 0) ? 0 : floor(($num_files - 1) / $attachments_per_page) * $attachments_per_page;
+ }
+
+ // If the user is trying to reach the second half of the attachments list, fetch it starting from the end
+ $store_reverse = false;
+ $sql_limit = $attachments_per_page;
+
+ if ($start > $num_files / 2)
+ {
+ $store_reverse = true;
+
+ if ($start + $attachments_per_page > $num_files)
+ {
+ $sql_limit = min($attachments_per_page, max(1, $num_files - $start));
+ }
+
+ // Select the sort order. Add time sort anchor for non-time sorting cases
+ $sql_sort_anchor = ($sort_key != 't') ? ', a.filetime ' . (($sort_dir == 'd') ? 'ASC' : 'DESC') : '';
+ $sql_sort_order = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'ASC' : 'DESC') . $sql_sort_anchor;
+ $sql_start = max(0, $num_files - $sql_limit - $start);
+ }
+ else
+ {
+ // Select the sort order. Add time sort anchor for non-time sorting cases
+ $sql_sort_anchor = ($sort_key != 't') ? ', a.filetime ' . (($sort_dir == 'd') ? 'DESC' : 'ASC') : '';
+ $sql_sort_order = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC') . $sql_sort_anchor;
+ $sql_start = $start;
+
+ }
+
+ $attachments_list = array();
+
+ // Just get the files
+ $sql = 'SELECT a.*, u.username, u.user_colour, t.topic_title
+ FROM ' . ATTACHMENTS_TABLE . ' a
+ LEFT JOIN ' . USERS_TABLE . ' u ON (u.user_id = a.poster_id)
+ LEFT JOIN ' . TOPICS_TABLE . " t ON (a.topic_id = t.topic_id)
+ WHERE a.is_orphan = 0
+ $limit_filetime
+ ORDER BY $sql_sort_order";
+ $result = $db->sql_query_limit($sql, $sql_limit, $sql_start);
+
+ $i = ($store_reverse) ? $sql_limit - 1 : 0;
+
+ // Store increment value in a variable to save some conditional calls
+ $i_increment = ($store_reverse) ? -1 : 1;
+ while ($attachment_row = $db->sql_fetchrow($result))
+ {
+ $attachments_list[$i] = $attachment_row;
+ $i = $i + $i_increment;
+ }
+ $db->sql_freeresult($result);
+
+ $template->assign_vars(array(
+ 'TOTAL_FILES' => $num_files,
+ 'TOTAL_SIZE' => get_formatted_filesize($total_size),
+ 'PAGINATION' => generate_pagination($this->u_action . "&amp;$u_sort_param", $num_files, $attachments_per_page, $start, true),
+
+ 'S_ON_PAGE' => on_page($num_files, $attachments_per_page, $start),
+ 'S_LIMIT_DAYS' => $s_limit_days,
+ 'S_SORT_KEY' => $s_sort_key,
+ 'S_SORT_DIR' => $s_sort_dir)
+ );
+
+ // Grab extensions
+ $extensions = $cache->obtain_attach_extensions(true);
+
+ for ($i = 0, $end = sizeof($attachments_list); $i < $end; ++$i)
+ {
+ $row = $attachments_list[$i];
+
+ $row['extension'] = strtolower(trim((string) $row['extension']));
+ $comment = ($row['attach_comment'] && !$row['in_message']) ? str_replace(array("\n", "\r"), array('<br />', "\n"), $row['attach_comment']) : '';
+ $display_cat = $extensions[$row['extension']]['display_cat'];
+ $l_downloaded_viewed = ($display_cat == ATTACHMENT_CATEGORY_NONE) ? 'DOWNLOAD_COUNT' : 'VIEWED_COUNT';
+ $l_download_count = (!isset($row['download_count']) || (int) $row['download_count'] == 0) ? $user->lang[$l_downloaded_viewed . '_NONE'] : (((int) $row['download_count'] == 1) ? sprintf($user->lang[$l_downloaded_viewed], $row['download_count']) : sprintf($user->lang[$l_downloaded_viewed . 'S'], $row['download_count']));
+
+ $template->assign_block_vars('attachments', array(
+ 'ATTACHMENT_POSTER' => get_username_string('full', (int) $row['poster_id'], (string) $row['username'], (string) $row['user_colour'], (string) $row['username']),
+ 'FILESIZE' => get_formatted_filesize((int) $row['filesize']),
+ 'FILETIME' => $user->format_date((int) $row['filetime']),
+ 'REAL_FILENAME' => (!$row['in_message']) ? utf8_wordwrap(utf8_basename((string) $row['real_filename']), 40, '<br />', true) : '',
+ 'PHYSICAL_FILENAME' => utf8_basename((string) $row['physical_filename']),
+ 'EXT_GROUP_NAME' => (!empty($extensions[$row['extension']]['group_name'])) ? $user->lang['EXT_GROUP_' . $extensions[$row['extension']]['group_name']] : '',
+ 'COMMENT' => $comment,
+ 'TOPIC_TITLE' => (!$row['in_message']) ? (string) $row['topic_title'] : '',
+ 'ATTACH_ID' => (int) $row['attach_id'],
+ 'POST_ID' => (int) $row['post_msg_id'],
+ 'TOPIC_ID' => (int) $row['topic_id'],
+ 'POST_IDS' => (!empty($post_ids[$row['attach_id']])) ? (int) $post_ids[$row['attach_id']] : '',
+
+ 'L_DOWNLOAD_COUNT' => $l_download_count,
+
+ 'S_IN_MESSAGE' => (bool) $row['in_message'],
+
+ 'U_VIEW_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t={$row['topic_id']}&amp;p={$row['post_msg_id']}") . "#p{$row['post_msg_id']}",
+ 'U_FILE' => append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'mode=view&amp;id=' . $row['attach_id']))
+ );
+ }
+
+ break;
}
if (sizeof($error))
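Review bot: The stats-resync guard `if ($action && $action = 'stats')` assigns instead of comparing, so any non-empty `action` value enters the confirm/resync branch and `$action` is overwritten; it should read `if ($action === 'stats')`. In the delete path `$deleted_filenames` is only created inside the fetch loop, so if `delete_attachments()` reports deletions while the SELECT matched no non-orphan row, `implode()` receives an undefined variable; add `$deleted_filenames = array();` before the query. `$sort_by_sql[$sort_key]` is indexed with the raw `sk` request value, and unless `gen_sort_selects()` normalises it an unknown key leaves the ORDER BY without a column, so fall back to `'t'` when `!isset($sort_by_sql[$sort_key])`. The enclosing switch and method begin outside this hunk, so whether a form token is verified before the POST-driven delete cannot be confirmed from here.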
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index 6821073749..f27a133eb5 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -96,6 +96,7 @@ class acp_board
'load_moderators' => array('lang' => 'YES_MODERATORS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'load_jumpbox' => array('lang' => 'YES_JUMPBOX', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'load_cpf_memberlist' => array('lang' => 'LOAD_CPF_MEMBERLIST', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
+ 'load_cpf_pm' => array('lang' => 'LOAD_CPF_PM', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'load_cpf_viewprofile' => array('lang' => 'LOAD_CPF_VIEWPROFILE', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'load_cpf_viewtopic' => array('lang' => 'LOAD_CPF_VIEWTOPIC', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
@@ -327,6 +328,7 @@ class acp_board
'legend3' => 'CUSTOM_PROFILE_FIELDS',
'load_cpf_memberlist' => array('lang' => 'LOAD_CPF_MEMBERLIST', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
+ 'load_cpf_pm' => array('lang' => 'LOAD_CPF_PM', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'load_cpf_viewprofile' => array('lang' => 'LOAD_CPF_VIEWPROFILE', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'load_cpf_viewtopic' => array('lang' => 'LOAD_CPF_VIEWTOPIC', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
@@ -387,6 +389,9 @@ class acp_board
'pass_complex' => array('lang' => 'PASSWORD_TYPE', 'validate' => 'string', 'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
'chg_passforce' => array('lang' => 'FORCE_PASS_CHANGE', 'validate' => 'int:0', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
'max_login_attempts' => array('lang' => 'MAX_LOGIN_ATTEMPTS', 'validate' => 'int:0', 'type' => 'text:3:3', 'explain' => true),
+ 'ip_login_limit_max' => array('lang' => 'IP_LOGIN_LIMIT_MAX', 'validate' => 'int:0', 'type' => 'text:3:3', 'explain' => true),
+ 'ip_login_limit_time' => array('lang' => 'IP_LOGIN_LIMIT_TIME', 'validate' => 'int:0', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+ 'ip_login_limit_use_forwarded' => array('lang' => 'IP_LOGIN_LIMIT_USE_FORWARDED', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'tpl_allow_php' => array('lang' => 'TPL_ALLOW_PHP', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'form_token_lifetime' => array('lang' => 'FORM_TIME_MAX', 'validate' => 'int:-1', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
'form_token_sid_guests' => array('lang' => 'FORM_SID_GUESTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
@@ -770,13 +775,20 @@ class acp_board
{
global $user, $config;
- $radio_ary = array(USER_ACTIVATION_DISABLE => 'ACC_DISABLE', USER_ACTIVATION_NONE => 'ACC_NONE');
+ $radio_ary = array(
+ USER_ACTIVATION_DISABLE => 'ACC_DISABLE',
+ USER_ACTIVATION_NONE => 'ACC_NONE',
+ );
+
if ($config['email_enable'])
{
- $radio_ary += array(USER_ACTIVATION_SELF => 'ACC_USER', USER_ACTIVATION_ADMIN => 'ACC_ADMIN');
+ $radio_ary[USER_ACTIVATION_SELF] = 'ACC_USER';
+ $radio_ary[USER_ACTIVATION_ADMIN] = 'ACC_ADMIN';
}
- return h_radio('config[require_activation]', $radio_ary, $value, $key);
+ $radio_text = h_radio('config[require_activation]', $radio_ary, $value, 'require_activation', $key, '<br />');
+
+ return $radio_text;
}
/**
diff --git a/phpBB/includes/acp/acp_inactive.php b/phpBB/includes/acp/acp_inactive.php
index e4fb695a11..0e4801f630 100644
--- a/phpBB/includes/acp/acp_inactive.php
+++ b/phpBB/includes/acp/acp_inactive.php
@@ -301,7 +301,7 @@ class acp_inactive
'PAGINATION' => generate_pagination($this->u_action . "&amp;$u_sort_param&amp;users_per_page=$per_page", $inactive_count, $per_page, $start, true),
'USERS_PER_PAGE' => $per_page,
- 'U_ACTION' => $this->u_action . '&amp;start=' . $start,
+ 'U_ACTION' => $this->u_action . "&amp;$u_sort_param&amp;users_per_page=$per_page&amp;start=$start",
));
$this->tpl_name = 'acp_inactive';
diff --git a/phpBB/includes/acp/acp_logs.php b/phpBB/includes/acp/acp_logs.php
index 90c1a10649..065a6d1c22 100644
--- a/phpBB/includes/acp/acp_logs.php
+++ b/phpBB/includes/acp/acp_logs.php
@@ -128,12 +128,12 @@ class acp_logs
// Grab log data
$log_data = array();
$log_count = 0;
- view_log($mode, $log_data, $log_count, $config['topics_per_page'], $start, $forum_id, 0, 0, $sql_where, $sql_sort, $keywords);
+ $start = view_log($mode, $log_data, $log_count, $config['topics_per_page'], $start, $forum_id, 0, 0, $sql_where, $sql_sort, $keywords);
$template->assign_vars(array(
'L_TITLE' => $l_title,
'L_EXPLAIN' => $l_title_explain,
- 'U_ACTION' => $this->u_action,
+ 'U_ACTION' => $this->u_action . "&amp;$u_sort_param$keywords_param&amp;start=$start",
'S_ON_PAGE' => on_page($log_count, $config['topics_per_page'], $start),
'PAGINATION' => generate_pagination($this->u_action . "&amp;$u_sort_param$keywords_param", $log_count, $config['topics_per_page'], $start, true),
diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php
index ac375838fd..a922ef570c 100644
--- a/phpBB/includes/acp/acp_main.php
+++ b/phpBB/includes/acp/acp_main.php
@@ -415,11 +415,8 @@ class acp_main
{
$latest_version_info = explode("\n", $latest_version_info);
- $latest_version = str_replace('rc', 'RC', strtolower(trim($latest_version_info[0])));
- $current_version = str_replace('rc', 'RC', strtolower($config['version']));
-
$template->assign_vars(array(
- 'S_VERSION_UP_TO_DATE' => version_compare($current_version, $latest_version, '<') ? false : true,
+ 'S_VERSION_UP_TO_DATE' => phpbb_version_compare(trim($latest_version_info[0]), $config['version'], '<='),
));
}
@@ -521,7 +518,7 @@ class acp_main
'U_ADMIN_LOG' => append_sid("{$phpbb_admin_path}index.$phpEx", 'i=logs&amp;mode=admin'),
'U_INACTIVE_USERS' => append_sid("{$phpbb_admin_path}index.$phpEx", 'i=inactive&amp;mode=list'),
'U_VERSIONCHECK' => append_sid("{$phpbb_admin_path}index.$phpEx", 'i=update&amp;mode=version_check'),
- 'U_VERSIONCHECK_FORCE' => append_sid("{$phpbb_admin_path}index.$phpEx", 'i=1&amp;versioncheck_force=1'),
+ 'U_VERSIONCHECK_FORCE' => append_sid("{$phpbb_admin_path}index.$phpEx", 'versioncheck_force=1'),
'S_ACTION_OPTIONS' => ($auth->acl_get('a_board')) ? true : false,
'S_FOUNDER' => ($user->data['user_type'] == USER_FOUNDER) ? true : false,
diff --git a/phpBB/includes/acp/acp_php_info.php b/phpBB/includes/acp/acp_php_info.php
index 03561f3e30..65150a40c5 100644
--- a/phpBB/includes/acp/acp_php_info.php
+++ b/phpBB/includes/acp/acp_php_info.php
@@ -67,6 +67,9 @@ class acp_php_info
$output = preg_replace('#<img border="0"#i', '<img', $output);
$output = str_replace(array('class="e"', 'class="v"', 'class="h"', '<hr />', '<font', '</font>'), array('class="row1"', 'class="row2"', '', '', '<span', '</span>'), $output);
+ // Fix invalid anchor names (eg "module_Zend Optimizer")
+ $output = preg_replace_callback('#<a name="([^"]+)">#', array($this, 'remove_spaces'), $output);
+
if (empty($output))
{
trigger_error('NO_PHPINFO_AVAILABLE', E_USER_WARNING);
@@ -79,4 +82,9 @@ class acp_php_info
$template->assign_var('PHPINFO', $output);
}
+
+ function remove_spaces($matches)
+ {
+ return '<a name="' . str_replace(' ', '_', $matches[1]) . '">';
+ }
}
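Review bot: `remove_spaces()` is added without a docblock or any hint that it exists only as the `preg_replace_callback()` handler used in `main()`. A short docblock such as `/** Callback for preg_replace_callback(): rebuilds an <a name="..."> tag with spaces in the name replaced by underscores. */` with `@param array $matches` and `@return string` would make that clear, and a more specific name would stop it reading like a general-purpose helper on the module class.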
diff --git a/phpBB/includes/acp/acp_profile.php b/phpBB/includes/acp/acp_profile.php
index ca6a5f04d2..a18a01c44a 100644
--- a/phpBB/includes/acp/acp_profile.php
+++ b/phpBB/includes/acp/acp_profile.php
@@ -370,6 +370,7 @@ class acp_profile
'field_show_profile'=> 0,
'field_no_view' => 0,
'field_show_on_reg' => 0,
+ 'field_show_on_pm' => 0,
'field_show_on_vt' => 0,
'lang_name' => utf8_normalize_nfc(request_var('field_ident', '', true)),
'lang_explain' => '',
@@ -381,7 +382,7 @@ class acp_profile
// $exclude contains the data we gather in each step
$exclude = array(
- 1 => array('field_ident', 'lang_name', 'lang_explain', 'field_option_none', 'field_show_on_reg', 'field_show_on_vt', 'field_required', 'field_hide', 'field_show_profile', 'field_no_view'),
+ 1 => array('field_ident', 'lang_name', 'lang_explain', 'field_option_none', 'field_show_on_reg', 'field_show_on_pm', 'field_show_on_vt', 'field_required', 'field_hide', 'field_show_profile', 'field_no_view'),
2 => array('field_length', 'field_maxlen', 'field_minlen', 'field_validation', 'field_novalue', 'field_default_value'),
3 => array('l_lang_name', 'l_lang_explain', 'l_lang_default_value', 'l_lang_options')
);
@@ -407,6 +408,7 @@ class acp_profile
$visibility_ary = array(
'field_required',
'field_show_on_reg',
+ 'field_show_on_pm',
'field_show_on_vt',
'field_show_profile',
'field_hide',
@@ -734,6 +736,7 @@ class acp_profile
'S_STEP_ONE' => true,
'S_FIELD_REQUIRED' => ($cp->vars['field_required']) ? true : false,
'S_SHOW_ON_REG' => ($cp->vars['field_show_on_reg']) ? true : false,
+ 'S_SHOW_ON_PM' => ($cp->vars['field_show_on_pm']) ? true : false,
'S_SHOW_ON_VT' => ($cp->vars['field_show_on_vt']) ? true : false,
'S_FIELD_HIDE' => ($cp->vars['field_hide']) ? true : false,
'S_SHOW_PROFILE' => ($cp->vars['field_show_profile']) ? true : false,
@@ -1050,6 +1053,7 @@ class acp_profile
'field_validation' => $cp->vars['field_validation'],
'field_required' => $cp->vars['field_required'],
'field_show_on_reg' => $cp->vars['field_show_on_reg'],
+ 'field_show_on_pm' => $cp->vars['field_show_on_pm'],
'field_show_on_vt' => $cp->vars['field_show_on_vt'],
'field_hide' => $cp->vars['field_hide'],
'field_show_profile' => $cp->vars['field_show_profile'],
diff --git a/phpBB/includes/acp/acp_send_statistics.php b/phpBB/includes/acp/acp_send_statistics.php
index aef67a8b1a..eb7154d114 100644
--- a/phpBB/includes/acp/acp_send_statistics.php
+++ b/phpBB/includes/acp/acp_send_statistics.php
@@ -16,8 +16,6 @@ if (!defined('IN_PHPBB'))
exit;
}
-include($phpbb_root_path . 'includes/questionnaire/questionnaire.' . $phpEx);
-
/**
* @package acp
*/
@@ -27,7 +25,9 @@ class acp_send_statistics
function main($id, $mode)
{
- global $config, $template, $phpbb_admin_path, $phpEx;
+ global $config, $template, $phpbb_admin_path, $phpbb_root_path, $phpEx;
+
+ include($phpbb_root_path . 'includes/questionnaire/questionnaire.' . $phpEx);
$collect_url = "http://www.phpbb.com/stats/receive_stats.php";
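Review bot: With the `include` now inside `main()`, a second call to `main()` in the same request would load questionnaire.php again and stop on a redeclaration error. Using `include_once($phpbb_root_path . 'includes/questionnaire/questionnaire.' . $phpEx);` or a `class_exists()` guard around the include avoids that. `main()` continues beyond this hunk.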
diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php
index 6a0d4c4c98..18a90fb8e8 100644
--- a/phpBB/includes/acp/acp_styles.php
+++ b/phpBB/includes/acp/acp_styles.php
@@ -45,7 +45,7 @@ class acp_styles
$bitfield->set(9);
$bitfield->set(11);
$bitfield->set(12);
- define('TEMPLATE_BITFIELD', $bitfield->get_base64());
+ $this->template_bitfield = $bitfield->get_base64();
unset($bitfield);
$user->add_lang('acp/styles');
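Review bot: `$this->template_bitfield` is assigned here but no property declaration is visible in the hunks shown, so it may be created dynamically; declaring it on the class with a one-line comment saying what the bitfield represents would document it. The later hunk that reads `$this->template_bitfield` sits several thousand lines further down, presumably in another method, and now depends on `main()` having run on the same instance, where the old constant was available globally. A comment at that read site stating the dependency would help, since the method bodies lie outside both hunks.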
@@ -510,6 +510,7 @@ parse_css_file = {PARSE_CSS_FILE}
$db->sql_transaction('commit');
$cache->destroy('sql', STYLES_IMAGESET_DATA_TABLE);
+ $cache->destroy('imageset_site_logo_md5');
add_log('admin', 'LOG_IMAGESET_REFRESHED', $imageset_row['imageset_name']);
trigger_error($user->lang['IMAGESET_REFRESHED'] . adm_back_link($this->u_action));
@@ -3496,7 +3497,7 @@ parse_css_file = {PARSE_CSS_FILE}
}
else
{
- $sql_ary['bbcode_bitfield'] = TEMPLATE_BITFIELD;
+ $sql_ary['bbcode_bitfield'] = $this->template_bitfield;
}
// We set a pre-defined bitfield here which we may use further in 3.2
diff --git a/phpBB/includes/acp/acp_update.php b/phpBB/includes/acp/acp_update.php
index 41fb0884b7..f0365e8e66 100644
--- a/phpBB/includes/acp/acp_update.php
+++ b/phpBB/includes/acp/acp_update.php
@@ -69,12 +69,9 @@ class acp_update
$current_version = (!empty($version_update_from)) ? $version_update_from : $config['version'];
- $up_to_date_automatic = (version_compare(str_replace('rc', 'RC', strtolower($current_version)), str_replace('rc', 'RC', strtolower($latest_version)), '<')) ? false : true;
- $up_to_date = (version_compare(str_replace('rc', 'RC', strtolower($config['version'])), str_replace('rc', 'RC', strtolower($latest_version)), '<')) ? false : true;
-
$template->assign_vars(array(
- 'S_UP_TO_DATE' => $up_to_date,
- 'S_UP_TO_DATE_AUTO' => $up_to_date_automatic,
+ 'S_UP_TO_DATE' => phpbb_version_compare($latest_version, $config['version'], '<='),
+ 'S_UP_TO_DATE_AUTO' => phpbb_version_compare($latest_version, $current_version, '<='),
'S_VERSION_CHECK' => true,
'U_ACTION' => $this->u_action,
'U_VERSIONCHECK_FORCE' => append_sid($this->u_action . '&amp;versioncheck_force=1'),
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index 006c3617f7..9bcf1b20db 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -1124,7 +1124,7 @@ class acp_users
// Grab log data
$log_data = array();
$log_count = 0;
- view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort);
+ $start = view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort);
$template->assign_vars(array(
'S_FEEDBACK' => true,
diff --git a/phpBB/includes/acp/info/acp_attachments.php b/phpBB/includes/acp/info/acp_attachments.php
index d5f57ece4e..4bcd7e2ea5 100644
--- a/phpBB/includes/acp/info/acp_attachments.php
+++ b/phpBB/includes/acp/info/acp_attachments.php
@@ -23,7 +23,8 @@ class acp_attachments_info
'attach' => array('title' => 'ACP_ATTACHMENT_SETTINGS', 'auth' => 'acl_a_attach', 'cat' => array('ACP_BOARD_CONFIGURATION', 'ACP_ATTACHMENTS')),
'extensions' => array('title' => 'ACP_MANAGE_EXTENSIONS', 'auth' => 'acl_a_attach', 'cat' => array('ACP_ATTACHMENTS')),
'ext_groups' => array('title' => 'ACP_EXTENSION_GROUPS', 'auth' => 'acl_a_attach', 'cat' => array('ACP_ATTACHMENTS')),
- 'orphan' => array('title' => 'ACP_ORPHAN_ATTACHMENTS', 'auth' => 'acl_a_attach', 'cat' => array('ACP_ATTACHMENTS'))
+ 'orphan' => array('title' => 'ACP_ORPHAN_ATTACHMENTS', 'auth' => 'acl_a_attach', 'cat' => array('ACP_ATTACHMENTS')),
+ 'manage' => array('title' => 'ACP_MANAGE_ATTACHMENTS', 'auth' => 'acl_a_attach', 'cat' => array('ACP_ATTACHMENTS')),
),
);
}
diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php
index 22aca5faf9..25f26e5334 100644
--- a/phpBB/includes/auth.php
+++ b/phpBB/includes/auth.php
@@ -349,6 +349,14 @@ class auth
/**
* Get permission listing based on user_id/options/forum_ids
+ *
+ * Be careful when using this function with permissions a_, m_, u_ and f_ !
+ * It may not work correctly. When a user group grants an a_* permission,
+ * e.g. a_foo, but the user's a_foo permission is set to "Never", then
+ * the user does not in fact have the a_ permission.
+ * But the user will still be listed as having the a_ permission.
+ *
+ * For more information see: http://tracker.phpbb.com/browse/PHPBB3-10252
*/
function acl_get_list($user_id = false, $opts = false, $forum_id = false)
{
@@ -908,7 +916,7 @@ class auth
$method = 'login_' . $method;
if (function_exists($method))
{
- $login = $method($username, $password);
+ $login = $method($username, $password, $user->ip, $user->browser, $user->forwarded_for);
// If the auth module wants us to create an empty profile do so and then treat the status as LOGIN_SUCCESS
if ($login['status'] == LOGIN_SUCCESS_CREATE_PROFILE)
diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php
index 6304d6e49a..b4ae1911cf 100644
--- a/phpBB/includes/auth/auth_db.php
+++ b/phpBB/includes/auth/auth_db.php
@@ -23,8 +23,21 @@ if (!defined('IN_PHPBB'))
/**
* Login function
+*
+* @param string $username
+* @param string $password
+* @param string $ip IP address the login is taking place from. Used to
+* limit the number of login attempts per IP address.
+* @param string $browser The user agent used to login
+* @param string $forwarded_for X_FORWARDED_FOR header sent with login request
+* @return array A associative array of the format
+* array(
+* 'status' => status constant
+* 'error_msg' => string
+* 'user_row' => array
+* )
*/
-function login_db(&$username, &$password)
+function login_db($username, $password, $ip = '', $browser = '', $forwarded_for = '')
{
global $db, $config;
global $request;
@@ -48,13 +61,51 @@ function login_db(&$username, &$password)
);
}
+ $username_clean = utf8_clean_string($username);
+
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
- WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
+ WHERE username_clean = '" . $db->sql_escape($username_clean) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
+ if (($ip && !$config['ip_login_limit_use_forwarded']) ||
+ ($forwarded_for && $config['ip_login_limit_use_forwarded']))
+ {
+ $sql = 'SELECT COUNT(*) AS attempts
+ FROM ' . LOGIN_ATTEMPT_TABLE . '
+ WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']);
+ if ($config['ip_login_limit_use_forwarded'])
+ {
+ $sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($forwarded_for) . "'";
+ }
+ else
+ {
+ $sql .= " AND attempt_ip = '" . $db->sql_escape($ip) . "' ";
+ }
+
+ $result = $db->sql_query($sql);
+ $attempts = (int) $db->sql_fetchfield('attempts');
+ $db->sql_freeresult($result);
+
+ $attempt_data = array(
+ 'attempt_ip' => $ip,
+ 'attempt_browser' => trim(substr($browser, 0, 149)),
+ 'attempt_forwarded_for' => $forwarded_for,
+ 'attempt_time' => time(),
+ 'user_id' => ($row) ? (int) $row['user_id'] : 0,
+ 'username' => $username,
+ 'username_clean' => $username_clean,
+ );
+ $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data);
+ $result = $db->sql_query($sql);
+ }
+ else
+ {
+ $attempts = 0;
+ }
+
if (!$row)
{
return array(
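Review bot: With `ip_login_limit_use_forwarded` enabled, the attempt counter is keyed on `$forwarded_for`, a request header the client controls, so the limit only holds when a trusted reverse proxy overwrites that header; the docblock and the option's explain text should say so. `attempt_forwarded_for` and `username` are inserted at whatever length the request supplied, while `attempt_browser` is cut to 149 characters; truncating the other two to the column widths defined for the table would keep the INSERT from failing or clipping on stricter databases. Nothing in this hunk removes rows older than `ip_login_limit_time`, so unless pruning is added elsewhere in the commit the table grows with every login attempt. `login_db()` continues beyond this hunk.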
@@ -63,7 +114,9 @@ function login_db(&$username, &$password)
'user_row' => array('user_id' => ANONYMOUS),
);
}
- $show_captcha = $config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts'];
+
+ $show_captcha = ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) ||
+ ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']);
// If there are too much login attempts, we need to check for an confirm image
// Every auth module is able to define what to do by itself...
@@ -177,6 +230,10 @@ function login_db(&$username, &$password)
$row['user_password'] = $hash;
}
+ $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
+ WHERE user_id = ' . $row['user_id'];
+ $db->sql_query($sql);
+
if ($row['user_login_attempts'] != 0)
{
// Successful, reset login attempts (the user passed all stages)
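Review bot: The new DELETE concatenates `$row['user_id']` without a cast, whereas the attempt insert earlier in this commit uses `(int) $row['user_id']`; write `WHERE user_id = ' . (int) $row['user_id'];` so the query does not rely on the column arriving as a clean integer. The statement clears only rows tied to this account, so attempts from the same address against other or unknown usernames (stored with `user_id` 0) still count toward the IP limit until they age out. If that is intended, a one-line comment above the DELETE should state it.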
diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php
index 4f311797b2..66facd0faa 100644
--- a/phpBB/includes/auth/auth_ldap.php
+++ b/phpBB/includes/auth/auth_ldap.php
@@ -335,7 +335,7 @@ function acp_ldap(&$new)
</dl>
<dl>
<dt><label for="ldap_password">' . $user->lang['LDAP_PASSWORD'] . ':</label><br /><span>' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '</span></dt>
- <dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" /></dd>
+ <dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" autocomplete="off" /></dd>
</dl>
';
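Review bot: `autocomplete="off"` keeps the browser from offering to store the field, but the saved bind password is still written into the `value` attribute and so remains readable in the page source of this ACP form. Rendering the field empty and keeping the stored value when nothing is submitted would avoid echoing the secret at all. `$new['ldap_password']` is also concatenated into the attribute with no escaping visible in this hunk; if it is not already entity-encoded upstream, wrap it in `htmlspecialchars()`. `acp_ldap()` starts and ends outside the hunk.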
diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php
index eeac98d3f3..c3367fbd46 100644
--- a/phpBB/includes/bbcode.php
+++ b/phpBB/includes/bbcode.php
@@ -572,6 +572,13 @@ class bbcode
$code = str_replace("\t", '&nbsp; &nbsp;', $code);
$code = str_replace(' ', '&nbsp; ', $code);
$code = str_replace(' ', ' &nbsp;', $code);
+ $code = str_replace("\n ", "\n&nbsp;", $code);
+
+ // keep space at the beginning
+ if (!empty($code) && $code[0] == ' ')
+ {
+ $code = '&nbsp;' . substr($code, 1);
+ }
// remove newline at the beginning
if (!empty($code) && $code[0] == "\n")
diff --git a/phpBB/includes/cache/driver/redis.php b/phpBB/includes/cache/driver/redis.php
index f0997c3cad..6362938a9e 100755
--- a/phpBB/includes/cache/driver/redis.php
+++ b/phpBB/includes/cache/driver/redis.php
@@ -25,12 +25,6 @@ if (!defined('PHPBB_ACM_REDIS_HOST'))
define('PHPBB_ACM_REDIS_HOST', 'localhost');
}
-if (!defined('PHPBB_ACM_REDIS'))
-{
- //can define multiple servers with host1/port1,host2/port2 format
- define('PHPBB_ACM_REDIS', PHPBB_ACM_REDIS_HOST . '/' . PHPBB_ACM_REDIS_PORT);
-}
-
/**
* ACM for Redis
*
@@ -51,12 +45,8 @@ class phpbb_cache_driver_redis extends phpbb_cache_driver_memory
parent::__construct();
$this->redis = new Redis();
- foreach (explode(',', PHPBB_ACM_REDIS) as $server)
- {
- $parts = explode('/', $server);
- $this->redis->connect(trim($parts[0]), trim($parts[1]));
- }
-
+ $this->redis->connect(PHPBB_ACM_REDIS_HOST, PHPBB_ACM_REDIS_PORT);
+
if (defined('PHPBB_ACM_REDIS_PASSWORD'))
{
if (!$this->redis->auth(PHPBB_ACM_REDIS_PASSWORD))
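Review bot: The result of the new `$this->redis->connect(PHPBB_ACM_REDIS_HOST, PHPBB_ACM_REDIS_PORT);` is never checked, although the `auth()` call directly below it is; a failed connection would only surface later, on the first cache operation. Wrapping it as `if (!$this->redis->connect(PHPBB_ACM_REDIS_HOST, PHPBB_ACM_REDIS_PORT))` and failing the same way the auth branch does would make the error visible at construction time. Since authentication only happens when `PHPBB_ACM_REDIS_PASSWORD` is defined, a comment such as `// without a password the Redis server must only be reachable from trusted hosts` would help operators. The constructor starts and ends outside the hunk.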
diff --git a/phpBB/includes/cache/service.php b/phpBB/includes/cache/service.php
index 68026c8647..0c01953d55 100644
--- a/phpBB/includes/cache/service.php
+++ b/phpBB/includes/cache/service.php
@@ -194,6 +194,7 @@ class phpbb_cache_service
'max_filesize' => (int) $row['max_filesize'],
'allow_group' => $row['allow_group'],
'allow_in_pm' => $row['allow_in_pm'],
+ 'group_name' => $row['group_name'],
);
$allowed_forums = ($row['allowed_forums']) ? unserialize(trim($row['allowed_forums'])) : array();
diff --git a/phpBB/includes/captcha/captcha_gd.php b/phpBB/includes/captcha/captcha_gd.php
index 15f34aa58f..5e61d6a47b 100644
--- a/phpBB/includes/captcha/captcha_gd.php
+++ b/phpBB/includes/captcha/captcha_gd.php
@@ -77,7 +77,7 @@ class captcha
{
$denom = ($code_len - $i);
$denom = max(1.3, $denom);
- $offset[$i] = mt_rand(0, (1.5 * $width_avail) / $denom);
+ $offset[$i] = phpbb_mt_rand(0, (int) round((1.5 * $width_avail) / $denom));
$width_avail -= $offset[$i];
}
diff --git a/phpBB/includes/captcha/plugins/phpbb_captcha_qa_plugin.php b/phpBB/includes/captcha/plugins/phpbb_captcha_qa_plugin.php
index 75fef25a9f..3bc727da41 100644
--- a/phpBB/includes/captcha/plugins/phpbb_captcha_qa_plugin.php
+++ b/phpBB/includes/captcha/plugins/phpbb_captcha_qa_plugin.php
@@ -319,7 +319,7 @@ class phpbb_captcha_qa
),
'PRIMARY_KEY' => 'question_id',
'KEYS' => array(
- 'lang_iso' => array('INDEX', 'lang_iso'),
+ 'lang' => array('INDEX', 'lang_iso'),
),
),
CAPTCHA_ANSWERS_TABLE => array (
@@ -328,7 +328,7 @@ class phpbb_captcha_qa
'answer_text' => array('STEXT_UNI', ''),
),
'KEYS' => array(
- 'question_id' => array('INDEX', 'question_id'),
+ 'qid' => array('INDEX', 'question_id'),
),
),
CAPTCHA_QA_CONFIRM_TABLE => array (
diff --git a/phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php b/phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php
index 12e3536893..c0db41d5a5 100644
--- a/phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php
+++ b/phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php
@@ -27,9 +27,14 @@ if (!class_exists('phpbb_default_captcha', false))
*/
class phpbb_recaptcha extends phpbb_default_captcha
{
- var $recaptcha_server = 'http://api.recaptcha.net';
- var $recaptcha_server_secure = 'https://api-secure.recaptcha.net'; // class constants :(
- var $recaptcha_verify_server = 'api-verify.recaptcha.net';
+ var $recaptcha_server = 'http://www.google.com/recaptcha/api';
+ var $recaptcha_server_secure = 'https://www.google.com/recaptcha/api'; // class constants :(
+
+ // We are opening a socket to port 80 of this host and send
+ // the POST request asking for verification to the path specified here.
+ var $recaptcha_verify_server = 'www.google.com';
+ var $recaptcha_verify_path = '/recaptcha/api/verify';
+
var $challenge;
var $response;
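Review bot: The comment added here states that the verification request is sent to port 80 of `www.google.com`, and the call changed in the second hunk of this file puts `$config['recaptcha_privkey']` into that POST, so the board's private key and the verification verdict travel unencrypted. Anyone on the network path could read the key or alter the answer the board receives. `_recaptcha_http_post()` is not part of this diff; if it opens the socket itself, switching it to a TLS connection on port 443 would protect both. At minimum the comment should say so, e.g. `// NOTE: plain HTTP, the private key is sent unencrypted`.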
@@ -296,7 +301,7 @@ class phpbb_recaptcha extends phpbb_default_captcha
return $user->lang['RECAPTCHA_INCORRECT'];
}
- $response = $this->_recaptcha_http_post($this->recaptcha_verify_server, '/verify',
+ $response = $this->_recaptcha_http_post($this->recaptcha_verify_server, $this->recaptcha_verify_path,
array(
'privatekey' => $config['recaptcha_privkey'],
'remoteip' => $user->ip,
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
index 216aac7489..8ef1a4655d 100644
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -236,6 +236,7 @@ define('GROUPS_TABLE', $table_prefix . 'groups');
define('ICONS_TABLE', $table_prefix . 'icons');
define('LANG_TABLE', $table_prefix . 'lang');
define('LOG_TABLE', $table_prefix . 'log');
+define('LOGIN_ATTEMPT_TABLE', $table_prefix . 'login_attempts');
define('MODERATOR_CACHE_TABLE', $table_prefix . 'moderator_cache');
define('MODULES_TABLE', $table_prefix . 'modules');
define('POLL_OPTIONS_TABLE', $table_prefix . 'poll_options');
diff --git a/phpBB/includes/cron/manager.php b/phpBB/includes/cron/manager.php
index 21dcb91695..31be1a69cb 100644
--- a/phpBB/includes/cron/manager.php
+++ b/phpBB/includes/cron/manager.php
@@ -73,6 +73,14 @@ class phpbb_cron_manager
*/
public function __construct($task_path, $phpEx, phpbb_cache_driver_interface $cache = null)
{
+ if (DIRECTORY_SEPARATOR != '/')
+ {
+ // Need this on some platforms since the code elsewhere uses /
+ // to separate directory components, but PHP iterators return
+ // paths with platform-specific directory separators.
+ $task_path = str_replace('/', DIRECTORY_SEPARATOR, $task_path);
+ }
+
$this->task_path = $task_path;
$this->phpEx = $phpEx;
$this->cache = $cache;
@@ -116,9 +124,9 @@ class phpbb_cron_manager
$file = preg_replace('#^' . preg_quote($this->task_path, '#') . '#', '', $fileinfo->getPathname());
// skip directories and files direclty in the task root path
- if ($fileinfo->isFile() && strpos($file, '/') !== false)
+ if ($fileinfo->isFile() && strpos($file, DIRECTORY_SEPARATOR) !== false)
{
- $task_name = str_replace('/', '_', substr($file, 0, -$ext_length));
+ $task_name = str_replace(DIRECTORY_SEPARATOR, '_', substr($file, 0, -$ext_length));
if (substr($file, -$ext_length) == $ext && $this->is_valid_name($task_name))
{
$task_names[] = 'phpbb_cron_task_' . $task_name;
diff --git a/phpBB/includes/db/db_tools.php b/phpBB/includes/db/db_tools.php
index 88bbd614e6..7c96965a9b 100644
--- a/phpBB/includes/db/db_tools.php
+++ b/phpBB/includes/db/db_tools.php
@@ -417,6 +417,11 @@ class phpbb_db_tools
// here lies an array, filled with information compiled on the column's data
$prepared_column = $this->sql_prepare_column_data($table_name, $column_name, $column_data);
+ if (isset($prepared_column['auto_increment']) && strlen($column_name) > 26) // "${column_name}_gen"
+ {
+ trigger_error("Index name '${column_name}_gen' on table '$table_name' is too long. The maximum auto increment column length is 26 characters.", E_USER_ERROR);
+ }
+
// here we add the definition of the new column to the list of columns
switch ($this->sql_layer)
{
@@ -538,7 +543,7 @@ class phpbb_db_tools
break;
case 'oracle':
- $table_sql .= "\n);";
+ $table_sql .= "\n)";
$statements[] = $table_sql;
// do we need to add a sequence and a tigger for auto incrementing columns?
@@ -556,7 +561,7 @@ class phpbb_db_tools
$trigger .= "BEGIN\n";
$trigger .= "\tSELECT {$table_name}_seq.nextval\n";
$trigger .= "\tINTO :new.{$create_sequence}\n";
- $trigger .= "\tFROM dual\n";
+ $trigger .= "\tFROM dual;\n";
$trigger .= "END;";
$statements[] = $trigger;
@@ -566,7 +571,13 @@ class phpbb_db_tools
case 'firebird':
if ($create_sequence)
{
- $statements[] = "CREATE SEQUENCE {$table_name}_seq;";
+ $statements[] = "CREATE GENERATOR {$table_name}_gen;";
+ $statements[] = "SET GENERATOR {$table_name}_gen TO 0;";
+
+ $trigger = "CREATE TRIGGER t_$table_name FOR $table_name\n";
+ $trigger .= "BEFORE INSERT\nAS\nBEGIN\n";
+ $trigger .= "\tNEW.{$create_sequence} = GEN_ID({$table_name}_gen, 1);\nEND;";
+ $statements[] = $trigger;
}
break;
}
@@ -638,6 +649,19 @@ class phpbb_db_tools
$sqlite = true;
}
+ // Add tables?
+ if (!empty($schema_changes['add_tables']))
+ {
+ foreach ($schema_changes['add_tables'] as $table => $table_data)
+ {
+ $result = $this->sql_create_table($table, $table_data);
+ if ($this->return_statements)
+ {
+ $statements = array_merge($statements, $result);
+ }
+ }
+ }
+
// Change columns?
if (!empty($schema_changes['change_columns']))
{
@@ -681,10 +705,12 @@ class phpbb_db_tools
{
foreach ($columns as $column_name => $column_data)
{
- // Only add the column if it does not exist yet, else change it (to be consistent)
+ // Only add the column if it does not exist yet
if ($column_exists = $this->sql_column_exists($table, $column_name))
{
- $result = $this->sql_column_change($table, $column_name, $column_data, true);
+ continue;
+ // This is commented out here because it can take tremendous time on updates
+// $result = $this->sql_column_change($table, $column_name, $column_data, true);
}
else
{
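Review bot: The `continue;` added in the column-exists branch leaves the commented-out `sql_column_change()` call as dead text, and the `if ($column_exists)` branch in the next hunk, which also gains a `continue;`, appears to be unreachable once the loop has already continued here. Deleting both commented-out lines and keeping one explanation, for example `// Existing columns are left untouched: changing them can take very long on updates`, would read better than disabled code. It is also worth documenting that an existing column with a different definition is now kept as it is, since callers of the add-columns step previously got it changed. The loop body continues outside the hunk.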
@@ -695,7 +721,8 @@ class phpbb_db_tools
{
if ($column_exists)
{
- $sqlite_data[$table]['change_columns'][] = $result;
+ continue;
+// $sqlite_data[$table]['change_columns'][] = $result;
}
else
{
@@ -717,6 +744,11 @@ class phpbb_db_tools
{
foreach ($indexes as $index_name)
{
+ if (!$this->sql_index_exists($table, $index_name))
+ {
+ continue;
+ }
+
$result = $this->sql_index_drop($table, $index_name);
if ($this->return_statements)
@@ -777,6 +809,11 @@ class phpbb_db_tools
{
foreach ($index_array as $index_name => $column)
{
+ if ($this->sql_unique_index_exists($table, $index_name))
+ {
+ continue;
+ }
+
$result = $this->sql_create_unique_index($table, $index_name, $column);
if ($this->return_statements)
@@ -794,6 +831,11 @@ class phpbb_db_tools
{
foreach ($index_array as $index_name => $column)
{
+ if ($this->sql_index_exists($table, $index_name))
+ {
+ continue;
+ }
+
$result = $this->sql_create_index($table, $index_name, $column);
if ($this->return_statements)
@@ -1103,6 +1145,236 @@ class phpbb_db_tools
}
/**
+ * Check if a specified index exists in table. Does not return PRIMARY KEY and UNIQUE indexes.
+ *
+ * @param string $table_name Table to check the index at
+ * @param string $index_name The index name to check
+ *
+ * @return bool True if index exists, else false
+ */
+ function sql_index_exists($table_name, $index_name)
+ {
+ if ($this->sql_layer == 'mssql' || $this->sql_layer == 'mssqlnative')
+ {
+ $sql = "EXEC sp_statistics '$table_name'";
+ $result = $this->db->sql_query($sql);
+
+ while ($row = $this->db->sql_fetchrow($result))
+ {
+ if ($row['TYPE'] == 3)
+ {
+ if (strtolower($row['INDEX_NAME']) == strtolower($index_name))
+ {
+ $this->db->sql_freeresult($result);
+ return true;
+ }
+ }
+ }
+ $this->db->sql_freeresult($result);
+
+ return false;
+ }
+
+ switch ($this->sql_layer)
+ {
+ case 'firebird':
+ $sql = "SELECT LOWER(RDB\$INDEX_NAME) as index_name
+ FROM RDB\$INDICES
+ WHERE RDB\$RELATION_NAME = '" . strtoupper($table_name) . "'
+ AND RDB\$UNIQUE_FLAG IS NULL
+ AND RDB\$FOREIGN_KEY IS NULL";
+ $col = 'index_name';
+ break;
+
+ case 'postgres':
+ $sql = "SELECT ic.relname as index_name
+ FROM pg_class bc, pg_class ic, pg_index i
+ WHERE (bc.oid = i.indrelid)
+ AND (ic.oid = i.indexrelid)
+ AND (bc.relname = '" . $table_name . "')
+ AND (i.indisunique != 't')
+ AND (i.indisprimary != 't')";
+ $col = 'index_name';
+ break;
+
+ case 'mysql_40':
+ case 'mysql_41':
+ $sql = 'SHOW KEYS
+ FROM ' . $table_name;
+ $col = 'Key_name';
+ break;
+
+ case 'oracle':
+ $sql = "SELECT index_name
+ FROM user_indexes
+ WHERE table_name = '" . strtoupper($table_name) . "'
+ AND generated = 'N'
+ AND uniqueness = 'NONUNIQUE'";
+ $col = 'index_name';
+ break;
+
+ case 'sqlite':
+ $sql = "PRAGMA index_list('" . $table_name . "');";
+ $col = 'name';
+ break;
+ }
+
+ $result = $this->db->sql_query($sql);
+ while ($row = $this->db->sql_fetchrow($result))
+ {
+ if (($this->sql_layer == 'mysql_40' || $this->sql_layer == 'mysql_41') && !$row['Non_unique'])
+ {
+ continue;
+ }
+
+ // These DBMS prefix index name with the table name
+ switch ($this->sql_layer)
+ {
+ case 'firebird':
+ case 'oracle':
+ case 'postgres':
+ case 'sqlite':
+ $row[$col] = substr($row[$col], strlen($table_name) + 1);
+ break;
+ }
+
+ if (strtolower($row[$col]) == strtolower($index_name))
+ {
+ $this->db->sql_freeresult($result);
+ return true;
+ }
+ }
+ $this->db->sql_freeresult($result);
+
+ return false;
+ }
+
+ /**
+ * Check if a specified index exists in table. Does not return PRIMARY KEY and UNIQUE indexes.
+ *
+ * @param string $table_name Table to check the index at
+ * @param string $index_name The index name to check
+ *
+ * @return bool True if index exists, else false
+ */
+ function sql_unique_index_exists($table_name, $index_name)
+ {
+ if ($this->sql_layer == 'mssql' || $this->sql_layer == 'mssqlnative')
+ {
+ $sql = "EXEC sp_statistics '$table_name'";
+ $result = $this->db->sql_query($sql);
+
+ while ($row = $this->db->sql_fetchrow($result))
+ {
+ // Usually NON_UNIQUE is the column we want to check, but we allow for both
+ if ($row['TYPE'] == 3)
+ {
+ if (strtolower($row['INDEX_NAME']) == strtolower($index_name))
+ {
+ $this->db->sql_freeresult($result);
+ return true;
+ }
+ }
+ }
+ $this->db->sql_freeresult($result);
+ return false;
+ }
+
+ switch ($this->sql_layer)
+ {
+ case 'firebird':
+ $sql = "SELECT LOWER(RDB\$INDEX_NAME) as index_name
+ FROM RDB\$INDICES
+ WHERE RDB\$RELATION_NAME = '" . strtoupper($table_name) . "'
+ AND RDB\$UNIQUE_FLAG IS NOT NULL
+ AND RDB\$FOREIGN_KEY IS NULL";
+ $col = 'index_name';
+ break;
+
+ case 'postgres':
+ $sql = "SELECT ic.relname as index_name, i.indisunique
+ FROM pg_class bc, pg_class ic, pg_index i
+ WHERE (bc.oid = i.indrelid)
+ AND (ic.oid = i.indexrelid)
+ AND (bc.relname = '" . $table_name . "')
+ AND (i.indisprimary != 't')";
+ $col = 'index_name';
+ break;
+
+ case 'mysql_40':
+ case 'mysql_41':
+ $sql = 'SHOW KEYS
+ FROM ' . $table_name;
+ $col = 'Key_name';
+ break;
+
+ case 'oracle':
+ $sql = "SELECT index_name, table_owner
+ FROM user_indexes
+ WHERE table_name = '" . strtoupper($table_name) . "'
+ AND generated = 'N'
+ AND uniqueness = 'UNIQUE'";
+ $col = 'index_name';
+ break;
+
+ case 'sqlite':
+ $sql = "PRAGMA index_list('" . $table_name . "');";
+ $col = 'name';
+ break;
+ }
+
+ $result = $this->db->sql_query($sql);
+ while ($row = $this->db->sql_fetchrow($result))
+ {
+ if (($this->sql_layer == 'mysql_40' || $this->sql_layer == 'mysql_41') && ($row['Non_unique'] || $row[$col] == 'PRIMARY'))
+ {
+ continue;
+ }
+
+ if ($this->sql_layer == 'sqlite' && !$row['unique'])
+ {
+ continue;
+ }
+
+ if ($this->sql_layer == 'postgres' && $row['indisunique'] != 't')
+ {
+ continue;
+ }
+
+ // These DBMS prefix index name with the table name
+ switch ($this->sql_layer)
+ {
+ case 'oracle':
+ // Two cases here... prefixed with U_[table_owner] and not prefixed with table_name
+ if (strpos($row[$col], 'U_') === 0)
+ {
+ $row[$col] = substr($row[$col], strlen('U_' . $row['table_owner']) + 1);
+ }
+ else if (strpos($row[$col], strtoupper($table_name)) === 0)
+ {
+ $row[$col] = substr($row[$col], strlen($table_name) + 1);
+ }
+ break;
+
+ case 'firebird':
+ case 'postgres':
+ case 'sqlite':
+ $row[$col] = substr($row[$col], strlen($table_name) + 1);
+ break;
+ }
+
+ if (strtolower($row[$col]) == strtolower($index_name))
+ {
+ $this->db->sql_freeresult($result);
+ return true;
+ }
+ }
+ $this->db->sql_freeresult($result);
+
+ return false;
+ }
+
+ /**
* Private method for performing sql statements (either execute them or return them)
* @access private
*/
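Review bot: In `sql_unique_index_exists()` the mssql/mssqlnative branch tests only `$row['TYPE'] == 3`, exactly as `sql_index_exists()` does, so on those layers the two functions cannot tell a unique index from a plain one; the comment about `NON_UNIQUE` suggests a check on that column was intended. The docblock of `sql_unique_index_exists()` is a copy of the first one and still says it does not return UNIQUE indexes; it should read `Check if a specified UNIQUE index exists in table. Does not return PRIMARY KEY indexes.` Both functions also place `$table_name` inside quoted SQL literals (`EXEC sp_statistics '$table_name'`, `bc.relname = '" . $table_name . "'`, and the Firebird, Oracle and SQLite queries) without `$this->db->sql_escape()`; the names presumably come from schema definitions rather than from requests, but escaping them is cheap. Finally, when `$this->sql_layer` matches none of the `switch` cases, `$sql` and `$col` are undefined by the time `sql_query()` is reached.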
@@ -1139,6 +1411,11 @@ class phpbb_db_tools
*/
function sql_prepare_column_data($table_name, $column_name, $column_data)
{
+ if (strlen($column_name) > 30)
+ {
+ trigger_error("Column name '$column_name' on table '$table_name' is too long. The maximum is 30 characters.", E_USER_ERROR);
+ }
+
// Get type
if (strpos($column_data[0], ':') !== false)
{
@@ -1371,24 +1648,29 @@ class phpbb_db_tools
switch ($this->sql_layer)
{
case 'firebird':
+ // Does not support AFTER statement, only POSITION (and there you need the column position)
$statements[] = 'ALTER TABLE ' . $table_name . ' ADD "' . strtoupper($column_name) . '" ' . $column_data['column_type_sql'];
break;
case 'mssql':
case 'mssqlnative':
+ // Does not support AFTER, only through temporary table
$statements[] = 'ALTER TABLE [' . $table_name . '] ADD [' . $column_name . '] ' . $column_data['column_type_sql_default'];
break;
case 'mysql_40':
case 'mysql_41':
- $statements[] = 'ALTER TABLE `' . $table_name . '` ADD COLUMN `' . $column_name . '` ' . $column_data['column_type_sql'];
+ $after = (!empty($column_data['after'])) ? ' AFTER ' . $column_data['after'] : '';
+ $statements[] = 'ALTER TABLE `' . $table_name . '` ADD COLUMN `' . $column_name . '` ' . $column_data['column_type_sql'] . $after;
break;
case 'oracle':
+ // Does not support AFTER, only through temporary table
$statements[] = 'ALTER TABLE ' . $table_name . ' ADD ' . $column_name . ' ' . $column_data['column_type_sql'];
break;
case 'postgres':
+ // Does not support AFTER, only through temporary table
if (version_compare($this->db->sql_server_info(true), '8.0', '>='))
{
$statements[] = 'ALTER TABLE ' . $table_name . ' ADD COLUMN "' . $column_name . '" ' . $column_data['column_type_sql'];
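Review bot: The new MySQL `AFTER` clause appends `$column_data['after']` as a bare identifier, while the table and column names on the same statement are wrapped in backticks, so a reference column named after a reserved word would break the query. Quoting it the same way keeps the statement consistent: ``$after = (!empty($column_data['after'])) ? ' AFTER `' . $column_data['after'] . '`' : '';``. The comments added for the other layers say that `after` is ignored there; a line in the method's docblock stating that the key only takes effect on MySQL would save callers from relying on column order. The `switch` continues outside the hunk.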
@@ -1774,6 +2056,13 @@ class phpbb_db_tools
{
$statements = array();
+ $table_prefix = substr(CONFIG_TABLE, 0, -6); // strlen(config)
+ if (strlen($table_name . $index_name) - strlen($table_prefix) > 24)
+ {
+ $max_length = strlen($table_prefix) + 24;
+ trigger_error("Index name '{$table_name}_$index_name' on table '$table_name' is too long. The maximum is $max_length characters.", E_USER_ERROR);
+ }
+
switch ($this->sql_layer)
{
case 'firebird':
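Review bot: The index-name length check added here is repeated verbatim in the next hunk, and its numbers do not quite agree with its message: the test measures `strlen($table_name . $index_name)` without the underscore, while the error prints `{$table_name}_$index_name` and reports `strlen($table_prefix) + 24` as the maximum, so the printed name can be one character longer than the stated limit. Moving the block into one private helper called from both methods would keep the two copies from drifting. Deriving the prefix with `substr(CONFIG_TABLE, 0, -6)` also deserves a fuller comment than `// strlen(config)`, for example `// CONFIG_TABLE is $table_prefix . 'config'; strip the 6-character suffix to recover the prefix`. Both enclosing functions start outside their hunks.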
@@ -1804,6 +2093,13 @@ class phpbb_db_tools
{
$statements = array();
+ $table_prefix = substr(CONFIG_TABLE, 0, -6); // strlen(config)
+ if (strlen($table_name . $index_name) - strlen($table_prefix) > 24)
+ {
+ $max_length = strlen($table_prefix) + 24;
+ trigger_error("Index name '{$table_name}_$index_name' on table '$table_name' is too long. The maximum is $max_length characters.", E_USER_ERROR);
+ }
+
// remove index length unless MySQL4
if ('mysql_40' != $this->sql_layer)
{
@@ -1957,6 +2253,7 @@ class phpbb_db_tools
}
else
{
+ // TODO: try to change pkey without removing trigger, generator or constraints. ATM this query may fail.
$statements[] = 'ALTER TABLE ' . $table_name . ' ALTER COLUMN "' . strtoupper($column_name) . '" TYPE ' . ' ' . $column_data['column_type_sql_type'];
}
break;
diff --git a/phpBB/includes/db/dbal.php b/phpBB/includes/db/dbal.php
index 148f56b5a8..a61dc5f58a 100644
--- a/phpBB/includes/db/dbal.php
+++ b/phpBB/includes/db/dbal.php
@@ -246,7 +246,7 @@ class dbal
*
* @return bool Whether buffering is required.
*/
- function sql_buffer_nested_transaction()
+ function sql_buffer_nested_transactions()
{
return false;
}
@@ -767,12 +767,10 @@ class dbal
$mtime = explode(' ', microtime());
$totaltime = $mtime[0] + $mtime[1] - $starttime;
- echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
- <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">
+ echo '<!DOCTYPE html>
+ <html dir="ltr">
<head>
- <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
- <meta http-equiv="Content-Style-Type" content="text/css" />
- <meta http-equiv="imagetoolbar" content="no" />
+ <meta charset="utf-8">
<title>SQL Report</title>
<link href="' . $phpbb_root_path . 'adm/style/admin.css" rel="stylesheet" type="text/css" media="screen" />
</head>
@@ -800,7 +798,7 @@ class dbal
</div>
</div>
<div id="page-footer">
- Powered by <a href="http://www.phpbb.com/">phpBB</a> &copy; phpBB Group
+ Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group
</div>
</div>
</body>
diff --git a/phpBB/includes/db/firebird.php b/phpBB/includes/db/firebird.php
index 8868d4e317..8acc84b1c0 100644
--- a/phpBB/includes/db/firebird.php
+++ b/phpBB/includes/db/firebird.php
@@ -497,7 +497,8 @@ class dbal_firebird extends dbal
*/
function cast_expr_to_bigint($expression)
{
- return 'CAST(' . $expression . ' as DECIMAL(255, 0))';
+ // Precision must be from 1 to 18
+ return 'CAST(' . $expression . ' as DECIMAL(18, 0))';
}
/**
diff --git a/phpBB/includes/db/mssqlnative.php b/phpBB/includes/db/mssqlnative.php
index 710a054e5f..2287bc716e 100644
--- a/phpBB/includes/db/mssqlnative.php
+++ b/phpBB/includes/db/mssqlnative.php
@@ -261,7 +261,7 @@ class dbal_mssqlnative extends dbal
/**
* {@inheritDoc}
*/
- function sql_buffer_nested_transaction()
+ function sql_buffer_nested_transactions()
{
return true;
}
diff --git a/phpBB/includes/db/mysqli.php b/phpBB/includes/db/mysqli.php
index 7c72fe9f01..db3846e7f7 100644
--- a/phpBB/includes/db/mysqli.php
+++ b/phpBB/includes/db/mysqli.php
@@ -33,14 +33,33 @@ class dbal_mysqli extends dbal
*/
function sql_connect($sqlserver, $sqluser, $sqlpassword, $database, $port = false, $persistency = false , $new_link = false)
{
- $this->persistency = $persistency;
+ // Mysqli extension supports persistent connection since PHP 5.3.0
+ $this->persistency = (version_compare(PHP_VERSION, '5.3.0', '>=')) ? $persistency : false;
$this->user = $sqluser;
- $this->server = $sqlserver;
+
+ // If persistent connection, set dbhost to localhost when empty and prepend it with 'p:' prefix
+ $this->server = ($this->persistency) ? 'p:' . (($sqlserver) ? $sqlserver : 'localhost') : $sqlserver;
+
$this->dbname = $database;
$port = (!$port) ? NULL : $port;
- // Persistant connections not supported by the mysqli extension?
- $this->db_connect_id = @mysqli_connect($this->server, $this->user, $sqlpassword, $this->dbname, $port);
+ // If port is set and it is not numeric, most likely mysqli socket is set.
+ // Try to map it to the $socket parameter.
+ $socket = NULL;
+ if ($port)
+ {
+ if (is_numeric($port))
+ {
+ $port = (int) $port;
+ }
+ else
+ {
+ $socket = $port;
+ $port = NULL;
+ }
+ }
+
+ $this->db_connect_id = @mysqli_connect($this->server, $this->user, $sqlpassword, $this->dbname, $port, $socket);
if ($this->db_connect_id && $this->dbname != '')
{
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index e4727b9705..9d27a24c92 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -191,6 +191,43 @@ function unique_id($extra = 'c')
}
/**
+* Wrapper for mt_rand() which allows swapping $min and $max parameters.
+*
+* PHP does not allow us to swap the order of the arguments for mt_rand() anymore.
+* (since PHP 5.3.4, see http://bugs.php.net/46587)
+*
+* @param int $min Lowest value to be returned
+* @param int $max Highest value to be returned
+*
+* @return int Random integer between $min and $max (or $max and $min)
+*/
+function phpbb_mt_rand($min, $max)
+{
+ return ($min > $max) ? mt_rand($max, $min) : mt_rand($min, $max);
+}
+
+/**
+* Wrapper for getdate() which returns the equivalent array for UTC timestamps.
+*
+* @param int $time Unix timestamp (optional)
+*
+* @return array Returns an associative array of information related to the timestamp.
+* See http://www.php.net/manual/en/function.getdate.php
+*/
+function phpbb_gmgetdate($time = false)
+{
+ if ($time === false)
+ {
+ $time = time();
+ }
+
+ // getdate() interprets timestamps in local time.
+ // What follows uses the fact that getdate() and
+ // date('Z') balance each other out.
+ return getdate($time - date('Z'));
+}
+
+/**
* Return formatted string for filesizes
*
* @param int $value filesize in bytes
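Review bot: `phpbb_gmgetdate()` subtracts `date('Z')`, which is the UTC offset in effect at the moment of the call, not the offset in effect at `$time`; for a timestamp on the other side of a daylight-saving change the returned fields would presumably be off by the DST difference. `return getdate($time - date('Z', $time));` uses the offset that belongs to the timestamp. Separately, the `phpbb_mt_rand()` docblock should state that the wrapper inherits the non-cryptographic generator of `mt_rand()`, for example `* Not suitable for generating tokens, passwords or other secrets.`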
@@ -512,6 +549,34 @@ function phpbb_email_hash($email)
}
/**
+* Wrapper for version_compare() that allows using uppercase A and B
+* for alpha and beta releases.
+*
+* See http://www.php.net/manual/en/function.version-compare.php
+*
+* @param string $version1 First version number
+* @param string $version2 Second version number
+* @param string $operator Comparison operator (optional)
+*
+* @return mixed Boolean (true, false) if comparison operator is specified.
+* Integer (-1, 0, 1) otherwise.
+*/
+function phpbb_version_compare($version1, $version2, $operator = null)
+{
+ $version1 = strtolower($version1);
+ $version2 = strtolower($version2);
+
+ if (is_null($operator))
+ {
+ return version_compare($version1, $version2);
+ }
+ else
+ {
+ return version_compare($version1, $version2, $operator);
+ }
+}
+
+/**
* Global function for chmodding directories and files for internal use
*
* This function determines owner and group whom the file belongs to and user and group of PHP and then set safest possible file permissions.
@@ -2025,7 +2090,10 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false)
/**
* Generate board url (example: http://www.example.com/phpBB)
+*
* @param bool $without_script_path if set to true the script path gets not appended (example: http://www.example.com)
+*
+* @return string the generated board url
*/
function generate_board_url($without_script_path = false)
{
@@ -2229,10 +2297,10 @@ function redirect($url, $return = false, $disable_cd_check = false)
{
header('Refresh: 0; URL=' . $url);
- echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">';
- echo '<html xmlns="http://www.w3.org/1999/xhtml" dir="' . $user->lang['DIRECTION'] . '" lang="' . $user->lang['USER_LANG'] . '" xml:lang="' . $user->lang['USER_LANG'] . '">';
+ echo '<!DOCTYPE html>';
+ echo '<html dir="' . $user->lang['DIRECTION'] . '" lang="' . $user->lang['USER_LANG'] . '">';
echo '<head>';
- echo '<meta http-equiv="content-type" content="text/html; charset=utf-8" />';
+ echo '<meta charset="utf-8">';
echo '<meta http-equiv="refresh" content="0; url=' . str_replace('&', '&amp;', $url) . '" />';
echo '<title>' . $user->lang['REDIRECT'] . '</title>';
echo '</head>';
@@ -2411,12 +2479,6 @@ function send_status_line($code, $message)
{
$version = $_SERVER['SERVER_PROTOCOL'];
}
- else if (!empty($_SERVER['HTTP_VERSION']))
- {
- // I cannot remember where I got this from.
- // This code path may never be reachable in reality.
- $version = $_SERVER['HTTP_VERSION'];
- }
else
{
$version = 'HTTP/1.0';
@@ -3605,10 +3667,19 @@ function phpbb_checkdnsrr($host, $type = 'MX')
{
return true;
}
+ break;
default:
- case 'A':
case 'AAAA':
+ // AAAA records returned by nslookup on Windows XP/2003 have this format.
+ // Later Windows versions use the A record format below for AAAA records.
+ if (stripos($line, "$host AAAA IPv6 address") === 0)
+ {
+ return true;
+ }
+ // No break
+
+ case 'A':
if (!empty($host_matches))
{
// Second line
@@ -3677,25 +3748,11 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
if (strpos($errfile, 'cache') === false && strpos($errfile, 'template.') === false)
{
- // flush the content, else we get a white page if output buffering is on
- if ((int) @ini_get('output_buffering') === 1 || strtolower(@ini_get('output_buffering')) === 'on')
- {
- @ob_flush();
- }
-
- // Another quick fix for those having gzip compression enabled, but do not flush if the coder wants to catch "something". ;)
- if (!empty($config['gzip_compress']))
- {
- if (@extension_loaded('zlib') && !headers_sent() && !ob_get_level())
- {
- @ob_flush();
- }
- }
-
// remove complete path to installation, with the risk of changing backslashes meant to be there
$errfile = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $errfile);
$msg_text = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $msg_text);
- echo '<b>[phpBB Debug] PHP Notice</b>: in file <b>' . $errfile . '</b> on line <b>' . $errline . '</b>: <b>' . $msg_text . '</b><br />' . "\n";
+ $error_name = ($errno === E_WARNING) ? 'PHP Warning' : 'PHP Notice';
+ echo '<b>[phpBB Debug] ' . $error_name . '</b>: in file <b>' . $errfile . '</b> on line <b>' . $errline . '</b>: <b>' . $msg_text . '</b><br />' . "\n";
// we are writing an image - the user won't see the debug, so let's place it in the log
if (defined('IMAGE_OUTPUT') || defined('IN_CRON'))
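Review bot: The rewritten `echo` still writes `$errfile` and `$msg_text` into the page without HTML escaping, and the text of a PHP notice or warning can include values that originate from the request. Unless these messages are meant to carry markup, which cannot be told from this hunk, the line could use `htmlspecialchars($errfile)` and `htmlspecialchars($msg_text)` for the two interpolated values. The condition that decides whether this debug line is shown to ordinary visitors lies outside the hunk; if it is not limited to debug mode, the file path and line number are also disclosed to them. msg_handler's body starts and ends outside the hunk.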
@@ -3751,10 +3808,10 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
// Try to not call the adm page data...
- echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">';
- echo '<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">';
+ echo '<!DOCTYPE html>';
+ echo '<html dir="ltr">';
echo '<head>';
- echo '<meta http-equiv="content-type" content="text/html; charset=utf-8" />';
+ echo '<meta charset="utf-8">';
echo '<title>' . $msg_title . '</title>';
echo '<style type="text/css">' . "\n" . '/* <![CDATA[ */' . "\n";
echo '* { margin: 0; padding: 0; } html { font-size: 100%; height: 100%; margin-bottom: 1px; background-color: #E4EDF0; } body { font-family: "Lucida Grande", Verdana, Helvetica, Arial, sans-serif; color: #536482; background: #E4EDF0; font-size: 62.5%; margin: 0; } ';
@@ -3784,7 +3841,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
echo ' </div>';
echo ' </div>';
echo ' <div id="page-footer">';
- echo ' Powered by <a href="http://www.phpbb.com/">phpBB</a> &copy; phpBB Group';
+ echo ' Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group';
echo ' </div>';
echo '</div>';
echo '</body>';
@@ -4250,7 +4307,21 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
// gzip_compression
if ($config['gzip_compress'])
{
- if (@extension_loaded('zlib') && !headers_sent())
+ // to avoid partially compressed output resulting in blank pages in
+ // the browser or error messages, compression is disabled in a few cases:
+ //
+ // 1) if headers have already been sent, this indicates plaintext output
+ // has been started so further content must not be compressed
+ // 2) the length of the current output buffer is non-zero. This means
+ // there is already some uncompressed content in this output buffer
+ // so further output must not be compressed
+ // 3) if more than one level of output buffering is used because we
+ // cannot test all output buffer level content lengths. One level
+ // could be caused by php.ini output_buffering. Anything
+ // beyond that is manual, so the code wrapping phpBB in output buffering
+ // can easily compress the output itself.
+ //
+ if (@extension_loaded('zlib') && !headers_sent() && ob_get_level() <= 1 && ob_get_length() == 0)
{
ob_start('ob_gzhandler');
}
@@ -4371,6 +4442,12 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
$user_lang = substr($user_lang, 0, strpos($user_lang, '-x-'));
}
+ $s_search_hidden_fields = array();
+ if ($_SID)
+ {
+ $s_search_hidden_fields['sid'] = $_SID;
+ }
+
// The following assigns all _common_ variables that may be used at any point in a template.
$template->assign_vars(array(
'SITENAME' => $config['sitename'],
@@ -4460,11 +4537,13 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
'S_LOAD_UNREADS' => ($config['load_unreads_search'] && ($config['load_anon_lastread'] || $user->data['is_registered'])) ? true : false,
+ 'S_SEARCH_HIDDEN_FIELDS' => build_hidden_fields($s_search_hidden_fields),
+
'T_THEME_PATH' => "{$web_path}styles/" . $user->theme['theme_path'] . '/theme',
'T_TEMPLATE_PATH' => "{$web_path}styles/" . $user->theme['template_path'] . '/template',
'T_SUPER_TEMPLATE_PATH' => (isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? "{$web_path}styles/" . $user->theme['template_inherit_path'] . '/template' : "{$web_path}styles/" . $user->theme['template_path'] . '/template',
'T_IMAGESET_PATH' => "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset',
- 'T_IMAGESET_LANG_PATH' => "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset/' . $user->data['user_lang'],
+ 'T_IMAGESET_LANG_PATH' => "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset/' . $user->lang_name,
'T_IMAGES_PATH' => "{$web_path}images/",
'T_SMILIES_PATH' => "{$web_path}{$config['smilies_path']}/",
'T_AVATAR_PATH' => "{$web_path}{$config['avatar_path']}/",
@@ -4472,7 +4551,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
'T_ICONS_PATH' => "{$web_path}{$config['icons_path']}/",
'T_RANKS_PATH' => "{$web_path}{$config['ranks_path']}/",
'T_UPLOAD_PATH' => "{$web_path}{$config['upload_path']}/",
- 'T_STYLESHEET_LINK' => (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&amp;lang=' . $user->data['user_lang']),
+ 'T_STYLESHEET_LINK' => (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&amp;lang=' . $user->lang_name),
'T_STYLESHEET_NAME' => $user->theme['theme_name'],
'T_THEME_NAME' => $user->theme['theme_path'],
@@ -4628,7 +4707,7 @@ function exit_handler()
}
// As a pre-caution... some setups display a blank page if the flush() is not there.
- (empty($config['gzip_compress'])) ? @flush() : @ob_flush();
+ (ob_get_level() > 0) ? @ob_flush() : @flush();
exit;
}
diff --git a/phpBB/includes/functions_acp.php b/phpBB/includes/functions_acp.php
index f28bca91ee..c3806dc786 100644
--- a/phpBB/includes/functions_acp.php
+++ b/phpBB/includes/functions_acp.php
@@ -164,7 +164,7 @@ function build_select($option_ary, $option_default = false)
/**
* Build radio fields in acp pages
*/
-function h_radio($name, &$input_ary, $input_default = false, $id = false, $key = false)
+function h_radio($name, $input_ary, $input_default = false, $id = false, $key = false, $separator = '')
{
global $user;
@@ -173,7 +173,7 @@ function h_radio($name, &$input_ary, $input_default = false, $id = false, $key =
foreach ($input_ary as $value => $title)
{
$selected = ($input_default !== false && $value == $input_default) ? ' checked="checked"' : '';
- $html .= '<label><input type="radio" name="' . $name . '"' . (($id && !$id_assigned) ? ' id="' . $id . '"' : '') . ' value="' . $value . '"' . $selected . (($key) ? ' accesskey="' . $key . '"' : '') . ' class="radio" /> ' . $user->lang[$title] . '</label>';
+ $html .= '<label><input type="radio" name="' . $name . '"' . (($id && !$id_assigned) ? ' id="' . $id . '"' : '') . ' value="' . $value . '"' . $selected . (($key) ? ' accesskey="' . $key . '"' : '') . ' class="radio" /> ' . $user->lang[$title] . '</label>' . $separator;
$id_assigned = true;
}
@@ -203,7 +203,7 @@ function build_cfg_template($tpl_type, $key, &$new, $config_key, $vars)
$size = (int) $tpl_type[1];
$maxlength = (int) $tpl_type[2];
- $tpl = '<input id="' . $key . '" type="' . $tpl_type[0] . '"' . (($size) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength) ? $maxlength : 255) . '" name="' . $name . '" value="' . $new[$config_key] . '" />';
+ $tpl = '<input id="' . $key . '" type="' . $tpl_type[0] . '"' . (($size) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength) ? $maxlength : 255) . '" name="' . $name . '" value="' . $new[$config_key] . '"' . (($tpl_type[0] === 'password') ? ' autocomplete="off"' : '') . ' />';
break;
case 'dimension':
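Review bot: `autocomplete="off"` stops the browser from storing the field, but the same line still writes `$new[$config_key]` into the `value` attribute, so a stored password-type setting is sent back in the page source every time the form is viewed. Whether the value is HTML-escaped before it reaches this line cannot be seen in the hunk; if it is not, a quote in the setting would break out of the attribute. For the password type it would be safer to render an empty value and treat an empty submission as "unchanged", which needs a matching change where the form is processed. The enclosing switch in build_cfg_template starts and ends outside the hunk.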
@@ -329,7 +329,7 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
switch ($validator[$type])
{
case 'string':
- $length = strlen($cfg_array[$config_name]);
+ $length = utf8_strlen($cfg_array[$config_name]);
// the column is a VARCHAR
$validator[$max] = (isset($validator[$max])) ? min(255, $validator[$max]) : 255;
@@ -527,7 +527,7 @@ function validate_range($value_ary, &$error)
{
case 'string' :
$max = (isset($column[1])) ? min($column[1],$type['max']) : $type['max'];
- if (strlen($value['value']) > $max)
+ if (utf8_strlen($value['value']) > $max)
{
$error[] = sprintf($user->lang['SETTING_TOO_LONG'], $user->lang[$value['lang']], $max);
}
diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php
index ee59d77cdb..71f8ab572e 100644
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@@ -2596,6 +2596,31 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
$sql_keywords .= 'LOWER(l.log_data) ' . implode(' OR LOWER(l.log_data) ', $keywords) . ')';
}
+ if ($log_count !== false)
+ {
+ $sql = 'SELECT COUNT(l.log_id) AS total_entries
+ FROM ' . LOG_TABLE . ' l, ' . USERS_TABLE . " u
+ WHERE l.log_type = $log_type
+ AND l.user_id = u.user_id
+ AND l.log_time >= $limit_days
+ $sql_keywords
+ $sql_forum";
+ $result = $db->sql_query($sql);
+ $log_count = (int) $db->sql_fetchfield('total_entries');
+ $db->sql_freeresult($result);
+ }
+
+ if ($log_count == 0)
+ {
+ // Save the queries, because there are no logs to display
+ return 0;
+ }
+
+ if ($offset >= $log_count)
+ {
+ $offset = ($offset - $limit < 0) ? 0 : $offset - $limit;
+ }
+
$sql = "SELECT l.*, u.username, u.username_clean, u.user_colour
FROM " . LOG_TABLE . " l, " . USERS_TABLE . " u
WHERE l.log_type = $log_type
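Review bot: A caller that passes `$log_count` as `false` to skip counting would now get no log rows at all, because the added `if ($log_count == 0)` check sits outside the `!== false` block and `false == 0` is true in PHP, so the function returns 0 before the main SELECT runs. The offset clamp that follows it likewise compares `$offset` against `false`. Both checks belong inside the `if ($log_count !== false)` block, after the `(int)` cast, for example `if ($log_count === 0) { return 0; }`, so the early return fires only on a count that was actually computed. No caller passing `false` is visible here, so the impact depends on whether that calling convention is used; view_log's body starts and ends outside this hunk.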
@@ -2743,21 +2768,7 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
}
}
- if ($log_count !== false)
- {
- $sql = 'SELECT COUNT(l.log_id) AS total_entries
- FROM ' . LOG_TABLE . ' l, ' . USERS_TABLE . " u
- WHERE l.log_type = $log_type
- AND l.user_id = u.user_id
- AND l.log_time >= $limit_days
- $sql_keywords
- $sql_forum";
- $result = $db->sql_query($sql);
- $log_count = (int) $db->sql_fetchfield('total_entries');
- $db->sql_freeresult($result);
- }
-
- return;
+ return $offset;
}
/**
@@ -2889,6 +2900,12 @@ function view_inactive_users(&$users, &$user_count, $limit = 0, $offset = 0, $li
$user_count = (int) $db->sql_fetchfield('user_count');
$db->sql_freeresult($result);
+ if ($user_count == 0)
+ {
+ // Save the queries, because there are no users to display
+ return 0;
+ }
+
if ($offset >= $user_count)
{
$offset = ($offset - $limit < 0) ? 0 : $offset - $limit;
diff --git a/phpBB/includes/functions_content.php b/phpBB/includes/functions_content.php
index 179fd3c2f8..63e4a16fb6 100644
--- a/phpBB/includes/functions_content.php
+++ b/phpBB/includes/functions_content.php
@@ -691,6 +691,9 @@ function censor_text($text)
return '';
}
+ // Strip control characters
+ $text = preg_replace('/[\x00-\x0f]/', '', $text);
+
// We moved the word censor checks in here because we call this function quite often - and then only need to do the check once
if (!isset($censors) || !is_array($censors))
{
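Review bot: The range in `preg_replace('/[\x00-\x0f]/', '', $text)` removes tab (0x09), line feed (0x0a) and carriage return (0x0d) along with the other bytes, and leaves 0x10-0x1f and 0x7f untouched, which does not match the comment "Strip control characters". Multi-line text passing through censor_text would lose its line breaks. A class that keeps whitespace and covers the rest of the C0 range, such as `'/[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/'`, fits the stated intent better. The result of preg_replace is also used unchecked; it is null on a PCRE error, which would blank the text. censor_text's body continues outside the hunk.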
@@ -1107,7 +1110,7 @@ function extension_allowed($forum_id, $extension, &$extensions)
* @param int $max_length Maximum length of string (multibyte character count as 1 char / Html entity count as 1 char)
* @param int $max_store_length Maximum character length of string (multibyte character count as 1 char / Html entity count as entity chars).
* @param bool $allow_reply Allow Re: in front of string
-* NOTE: This parameter can cause undesired behavior (returning strings longer than $max_store_legnth) and is deprecated.
+* NOTE: This parameter can cause undesired behavior (returning strings longer than $max_store_length) and is deprecated.
* @param string $append String to be appended
*/
function truncate_string($string, $max_length = 60, $max_store_length = 255, $allow_reply = false, $append = '')
diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php
index abc5b3e29f..26a4e965a7 100644
--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@@ -459,7 +459,6 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
'SUBFORUMS' => $s_subforums_list,
'L_SUBFORUM_STR' => $l_subforums,
- 'L_FORUM_FOLDER_ALT' => $folder_alt,
'L_MODERATOR_STR' => $l_moderator,
'U_UNAPPROVED_TOPICS' => ($row['forum_id_unapproved_topics']) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&amp;mode=unapproved_topics&amp;f=' . $row['forum_id_unapproved_topics']) : '',
@@ -1041,7 +1040,7 @@ function display_user_activity(&$userdata)
/**
* Topic and forum watching common code
*/
-function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id, $notify_status = 'unset', $start = 0)
+function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id, $notify_status = 'unset', $start = 0, $item_title = '')
{
global $template, $db, $user, $phpEx, $start, $phpbb_root_path;
global $request;
@@ -1071,32 +1070,46 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
if (!is_null($notify_status) && $notify_status !== '')
{
-
if (isset($_GET['unwatch']))
{
$uid = request_var('uid', 0);
- if ($uid != $user_id)
- {
- $redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start");
- $message = $user->lang['ERR_UNWATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
- trigger_error($message);
- }
- if ($request->variable('unwatch', '', false, phpbb_request_interface::GET) == $mode)
+ $token = request_var('hash', '');
+
+ if (($token && check_link_hash($token, "{$mode}_$match_id")) || confirm_box(true))
{
- $is_watching = 0;
+ if (($uid != $user_id) || ($request->variable('unwatch', '', false, phpbb_request_interface::GET) != $mode))
+ {
+ $redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start");
+ $message = $user->lang['ERR_UNWATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
+ trigger_error($message);
+ }
$sql = 'DELETE FROM ' . $table_sql . "
WHERE $where_sql = $match_id
AND user_id = $user_id";
$db->sql_query($sql);
- }
-
- $redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start");
- meta_refresh(3, $redirect_url);
+ $redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start");
+ $message = $user->lang['NOT_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
+ meta_refresh(3, $redirect_url);
+ trigger_error($message);
+ }
+ else
+ {
+ $s_hidden_fields = array(
+ 'uid' => $user->data['user_id'],
+ 'unwatch' => $mode,
+ 'start' => $start,
+ 'f' => $forum_id,
+ );
+ if ($mode != 'forum')
+ {
+ $s_hidden_fields['t'] = $topic_id;
+ }
- $message = $user->lang['NOT_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
- trigger_error($message);
+ $confirm_box_message = (($item_title == '') ? 'UNWATCH_' . strtoupper($mode) : $user->lang('UNWATCH_' . strtoupper($mode) . '_DETAILED', $item_title));
+ confirm_box(false, $confirm_box_message, build_hidden_fields($s_hidden_fields));
+ }
}
else
{
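Review bot: The new `$item_title` parameter is passed through `$user->lang(...)` into the message given to `confirm_box()` with no escaping in this function, and nothing documents what form the caller must supply. If confirm_box renders the message as HTML, which is not visible here, a title that is not already HTML-escaped would be injected into the confirmation page. I would state the contract in the function's docblock, e.g. `@param string $item_title Title shown in the confirm box; must already be HTML-escaped`. The same applies to the watch branch in the next hunk; watch_topic_forum starts and ends outside both hunks.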
@@ -1116,26 +1129,45 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
{
if (isset($_GET['watch']))
{
+ $uid = request_var('uid', 0);
$token = request_var('hash', '');
- $redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start");
- if ($request->variable('watch', '', false, phpbb_request_interface::GET) == $mode && check_link_hash($token, "{$mode}_$match_id"))
+ if (($token && check_link_hash($token, "{$mode}_$match_id")) || confirm_box(true))
{
+ if (($uid != $user_id) || ($request->variable('watch', '', false, phpbb_request_interface::GET) != $mode))
+ {
+ $redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start");
+ $message = $user->lang['ERR_WATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
+ trigger_error($message);
+ }
+
$is_watching = true;
$sql = 'INSERT INTO ' . $table_sql . " (user_id, $where_sql, notify_status)
VALUES ($user_id, $match_id, " . NOTIFY_YES . ')';
$db->sql_query($sql);
+
+ $redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start");
$message = $user->lang['ARE_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
+ meta_refresh(3, $redirect_url);
+ trigger_error($message);
}
else
{
- $message = $user->lang['ERR_WATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
- }
-
- meta_refresh(3, $redirect_url);
+ $s_hidden_fields = array(
+ 'uid' => $user->data['user_id'],
+ 'watch' => $mode,
+ 'start' => $start,
+ 'f' => $forum_id,
+ );
+ if ($mode != 'forum')
+ {
+ $s_hidden_fields['t'] = $topic_id;
+ }
- trigger_error($message);
+ $confirm_box_message = (($item_title == '') ? 'WATCH_' . strtoupper($mode) : $user->lang('WATCH_' . strtoupper($mode) . '_DETAILED', $item_title));
+ confirm_box(false, $confirm_box_message, build_hidden_fields($s_hidden_fields));
+ }
}
else
{
@@ -1145,7 +1177,8 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
}
else
{
- if ($request->variable('unwatch', '', false, phpbb_request_interface::GET) == $mode)
+ if ((isset($_GET['unwatch']) && $request->variable('unwatch', '', false, phpbb_request_interface::GET) == $mode) ||
+ (isset($_GET['watch']) && $request->variable('watch', '', false, phpbb_request_interface::GET) == $mode))
{
login_box();
}
diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php
index 94bcb36698..91a09608c7 100644
--- a/phpBB/includes/functions_download.php
+++ b/phpBB/includes/functions_download.php
@@ -100,10 +100,10 @@ function send_avatar_to_browser($file, $browser)
*/
function wrap_img_in_html($src, $title)
{
- echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-Strict.dtd">';
+ echo '<!DOCTYPE html>';
echo '<html>';
echo '<head>';
- echo '<meta http-equiv="content-type" content="text/html; charset=UTF-8" />';
+ echo '<meta charset="utf-8">';
echo '<title>' . $title . '</title>';
echo '</head>';
echo '<body>';
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index 0bb0ef8722..9e81533cea 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -21,7 +21,7 @@ if (!defined('IN_PHPBB'))
*/
function generate_smilies($mode, $forum_id)
{
- global $auth, $db, $user, $config, $template;
+ global $db, $user, $config, $template;
global $phpEx, $phpbb_root_path;
$start = request_var('start', 0);
@@ -803,7 +803,7 @@ function posting_gen_inline_attachments(&$attachment_data)
*/
function posting_gen_attachment_entry($attachment_data, &$filename_data, $show_attach_box = true)
{
- global $template, $config, $phpbb_root_path, $phpEx, $user, $auth;
+ global $template, $config, $phpbb_root_path, $phpEx, $user;
// Some default template variables
$template->assign_vars(array(
@@ -2458,3 +2458,105 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
return $url;
}
+
+/**
+* Handle topic bumping
+* @param int $forum_id The ID of the forum the topic is being bumped belongs to
+* @param int $topic_id The ID of the topic is being bumping
+* @param array $post_data Passes some topic parameters:
+* - 'topic_title'
+* - 'topic_last_post_id'
+* - 'topic_last_poster_id'
+* - 'topic_last_post_subject'
+* - 'topic_last_poster_name'
+* - 'topic_last_poster_colour'
+* @param int $bump_time The time at which topic was bumped, usually it is a current time as obtained via time().
+* @return string An URL to the bumped topic, example: ./viewtopic.php?forum_id=1&amptopic_id=2&ampp=3#p3
+*/
+function phpbb_bump_topic($forum_id, $topic_id, $post_data, $bump_time = false)
+{
+ global $config, $db, $user, $phpEx, $phpbb_root_path;
+
+ if ($bump_time === false)
+ {
+ $bump_time = time();
+ }
+
+ // Begin bumping
+ $db->sql_transaction('begin');
+
+ // Update the topic's last post post_time
+ $sql = 'UPDATE ' . POSTS_TABLE . "
+ SET post_time = $bump_time
+ WHERE post_id = {$post_data['topic_last_post_id']}
+ AND topic_id = $topic_id";
+ $db->sql_query($sql);
+
+ // Sync the topic's last post time, the rest of the topic's last post data isn't changed
+ $sql = 'UPDATE ' . TOPICS_TABLE . "
+ SET topic_last_post_time = $bump_time,
+ topic_bumped = 1,
+ topic_bumper = " . $user->data['user_id'] . "
+ WHERE topic_id = $topic_id";
+ $db->sql_query($sql);
+
+ // Update the forum's last post info
+ $sql = 'UPDATE ' . FORUMS_TABLE . "
+ SET forum_last_post_id = " . $post_data['topic_last_post_id'] . ",
+ forum_last_poster_id = " . $post_data['topic_last_poster_id'] . ",
+ forum_last_post_subject = '" . $db->sql_escape($post_data['topic_last_post_subject']) . "',
+ forum_last_post_time = $bump_time,
+ forum_last_poster_name = '" . $db->sql_escape($post_data['topic_last_poster_name']) . "',
+ forum_last_poster_colour = '" . $db->sql_escape($post_data['topic_last_poster_colour']) . "'
+ WHERE forum_id = $forum_id";
+ $db->sql_query($sql);
+
+ // Update bumper's time of the last posting to prevent flood
+ $sql = 'UPDATE ' . USERS_TABLE . "
+ SET user_lastpost_time = $bump_time
+ WHERE user_id = " . $user->data['user_id'];
+ $db->sql_query($sql);
+
+ $db->sql_transaction('commit');
+
+ // Mark this topic as posted to
+ markread('post', $forum_id, $topic_id, $bump_time);
+
+ // Mark this topic as read
+ markread('topic', $forum_id, $topic_id, $bump_time);
+
+ // Update forum tracking info
+ if ($config['load_db_lastread'] && $user->data['is_registered'])
+ {
+ $sql = 'SELECT mark_time
+ FROM ' . FORUMS_TRACK_TABLE . '
+ WHERE user_id = ' . $user->data['user_id'] . '
+ AND forum_id = ' . $forum_id;
+ $result = $db->sql_query($sql);
+ $f_mark_time = (int) $db->sql_fetchfield('mark_time');
+ $db->sql_freeresult($result);
+ }
+ else if ($config['load_anon_lastread'] || $user->data['is_registered'])
+ {
+ $f_mark_time = false;
+ }
+
+ if (($config['load_db_lastread'] && $user->data['is_registered']) || $config['load_anon_lastread'] || $user->data['is_registered'])
+ {
+ // Update forum info
+ $sql = 'SELECT forum_last_post_time
+ FROM ' . FORUMS_TABLE . '
+ WHERE forum_id = ' . $forum_id;
+ $result = $db->sql_query($sql);
+ $forum_last_post_time = (int) $db->sql_fetchfield('forum_last_post_time');
+ $db->sql_freeresult($result);
+
+ update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_time, false);
+ }
+
+ add_log('mod', $forum_id, $topic_id, 'LOG_BUMP_TOPIC', $post_data['topic_title']);
+
+ $url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&amp;t=$topic_id&amp;p={$post_data['topic_last_post_id']}") . "#p{$post_data['topic_last_post_id']}";
+
+ return $url;
+}
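Review bot: `$forum_id`, `$topic_id`, `$bump_time`, `$post_data['topic_last_post_id']` and `$post_data['topic_last_poster_id']` are interpolated into the UPDATE and SELECT statements as bare numbers with no cast, while the string columns beside them go through `$db->sql_escape()`. As a standalone helper this function cannot rely on every caller having cast its arguments, so I would force integers once at the top and use those locals in the queries. The `@return` example in the docblock also shows `&amptopic_id=2&ampp=3`, whereas the code builds `f=...&amp;t=...&amp;p=...`.

```php
function phpbb_bump_topic($forum_id, $topic_id, $post_data, $bump_time = false)
{
	global $config, $db, $user, $phpEx, $phpbb_root_path;

	// These values are placed into SQL unquoted, so make sure they are integers
	$forum_id = (int) $forum_id;
	$topic_id = (int) $topic_id;
	$bump_time = ($bump_time === false) ? time() : (int) $bump_time;
	$last_post_id = (int) $post_data['topic_last_post_id'];
	$last_poster_id = (int) $post_data['topic_last_poster_id'];

	// … unchanged: transaction, queries (now using $last_post_id / $last_poster_id), tracking, log, return …
```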
diff --git a/phpBB/includes/functions_profile_fields.php b/phpBB/includes/functions_profile_fields.php
index 44deffa162..ec29a1732d 100644
--- a/phpBB/includes/functions_profile_fields.php
+++ b/phpBB/includes/functions_profile_fields.php
@@ -149,7 +149,18 @@ class custom_profile
case FIELD_DROPDOWN:
$field_value = (int) $field_value;
-
+
+ // retrieve option lang data if necessary
+ if (!isset($this->options_lang[$field_data['field_id']]) || !isset($this->options_lang[$field_data['field_id']][$field_data['lang_id']]) || !sizeof($this->options_lang[$file_data['field_id']][$field_data['lang_id']]))
+ {
+ $this->get_option_lang($field_data['field_id'], $field_data['lang_id'], FIELD_DROPDOWN, false);
+ }
+
+ if (!isset($this->options_lang[$field_data['field_id']][$field_data['lang_id']][$field_value]))
+ {
+ return 'FIELD_INVALID_VALUE';
+ }
+
if ($field_value == $field_data['field_novalue'] && $field_data['field_required'])
{
return 'FIELD_REQUIRED';
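Review bot: The third test in the added condition reads `$this->options_lang[$file_data['field_id']]`, but no `$file_data` variable appears in the hunk; the other two tests and the lines below use `$field_data`. With the undefined variable the index is null, so `sizeof()` most likely sees an unset entry and the condition is always true, which reloads the option language data on every dropdown validation and raises a notice. The test should read `!sizeof($this->options_lang[$field_data['field_id']][$field_data['lang_id']])`. The surrounding method starts and ends outside the hunk.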
@@ -302,6 +313,7 @@ class custom_profile
switch ($cp_result)
{
case 'FIELD_INVALID_DATE':
+ case 'FIELD_INVALID_VALUE':
case 'FIELD_REQUIRED':
$error = sprintf($user->lang[$cp_result], $row['lang_name']);
break;
diff --git a/phpBB/includes/mcp/mcp_logs.php b/phpBB/includes/mcp/mcp_logs.php
index 01f8584970..dc05ba4110 100644
--- a/phpBB/includes/mcp/mcp_logs.php
+++ b/phpBB/includes/mcp/mcp_logs.php
@@ -170,7 +170,7 @@ class mcp_logs
// Grab log data
$log_data = array();
$log_count = 0;
- view_log('mod', $log_data, $log_count, $config['topics_per_page'], $start, $forum_list, $topic_id, 0, $sql_where, $sql_sort, $keywords);
+ $start = view_log('mod', $log_data, $log_count, $config['topics_per_page'], $start, $forum_list, $topic_id, 0, $sql_where, $sql_sort, $keywords);
$template->assign_vars(array(
'PAGE_NUMBER' => on_page($log_count, $config['topics_per_page'], $start),
@@ -179,7 +179,7 @@ class mcp_logs
'L_TITLE' => $user->lang['MCP_LOGS'],
- 'U_POST_ACTION' => $this->u_action,
+ 'U_POST_ACTION' => $this->u_action . "&amp;$u_sort_param$keywords_param&amp;start=$start",
'S_CLEAR_ALLOWED' => ($auth->acl_get('a_clearlogs')) ? true : false,
'S_SELECT_SORT_DIR' => $s_sort_dir,
'S_SELECT_SORT_KEY' => $s_sort_key,
diff --git a/phpBB/includes/mcp/mcp_notes.php b/phpBB/includes/mcp/mcp_notes.php
index 0b22ff74fd..dfb6ed3b68 100644
--- a/phpBB/includes/mcp/mcp_notes.php
+++ b/phpBB/includes/mcp/mcp_notes.php
@@ -198,7 +198,7 @@ class mcp_notes
$log_data = array();
$log_count = 0;
- view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort, $keywords);
+ $start = view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort, $keywords);
if ($log_count)
{
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index c6132d86d4..b3a48112ea 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -102,20 +102,22 @@ class bbcode_firstpass extends bbcode
/**
* Init bbcode data for later parsing
*/
- function bbcode_init()
+ function bbcode_init($allow_custom_bbcode = true)
{
static $rowset;
// This array holds all bbcode data. BBCodes will be processed in this
// order, so it is important to keep [code] in first position and
// [quote] in second position.
+ // To parse multiline URL we enable dotall option setting only for URL text
+ // but not for link itself, thus [url][/url] is not affected.
$this->bbcodes = array(
'code' => array('bbcode_id' => 8, 'regexp' => array('#\[code(?:=([a-z]+))?\](.+\[/code\])#uise' => "\$this->bbcode_code('\$1', '\$2')")),
'quote' => array('bbcode_id' => 0, 'regexp' => array('#\[quote(?:=&quot;(.*?)&quot;)?\](.+)\[/quote\]#uise' => "\$this->bbcode_quote('\$0')")),
'attachment' => array('bbcode_id' => 12, 'regexp' => array('#\[attachment=([0-9]+)\](.*?)\[/attachment\]#uise' => "\$this->bbcode_attachment('\$1', '\$2')")),
'b' => array('bbcode_id' => 1, 'regexp' => array('#\[b\](.*?)\[/b\]#uise' => "\$this->bbcode_strong('\$1')")),
'i' => array('bbcode_id' => 2, 'regexp' => array('#\[i\](.*?)\[/i\]#uise' => "\$this->bbcode_italic('\$1')")),
- 'url' => array('bbcode_id' => 3, 'regexp' => array('#\[url(=(.*))?\](.*)\[/url\]#uiUe' => "\$this->validate_url('\$2', '\$3')")),
+ 'url' => array('bbcode_id' => 3, 'regexp' => array('#\[url(=(.*))?\](?(1)((?s).*(?-s))|(.*))\[/url\]#uiUe' => "\$this->validate_url('\$2', ('\$3') ? '\$3' : '\$4')")),
'img' => array('bbcode_id' => 4, 'regexp' => array('#\[img\](.*)\[/img\]#uiUe' => "\$this->bbcode_img('\$1')")),
'size' => array('bbcode_id' => 5, 'regexp' => array('#\[size=([\-\+]?\d+)\](.*?)\[/size\]#uise' => "\$this->bbcode_size('\$1', '\$2')")),
'color' => array('bbcode_id' => 6, 'regexp' => array('!\[color=(#[0-9a-f]{3}|#[0-9a-f]{6}|[a-z\-]+)\](.*?)\[/color\]!uise' => "\$this->bbcode_color('\$1', '\$2')")),
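Review bot: In the new `url` replacement, `('\$3') ? '\$3' : '\$4'` tests the captured link text for truthiness, so for `[url=...]0[/url]` the text `0` is falsy and the empty `\$4` is passed to validate_url instead. Comparing against the empty string keeps that case: `validate_url('\$2', ('\$3' !== '') ? '\$3' : '\$4')`. Because the dotall switch now lets the text after `[url=...]` span lines, validate_url should also be checked for how it treats newlines in its second argument; its body is not in this hunk.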
@@ -133,6 +135,11 @@ class bbcode_firstpass extends bbcode
$this->parsed_items[$tag] = 0;
}
+ if (!$allow_custom_bbcode)
+ {
+ return;
+ }
+
if (!is_array($rowset))
{
global $db;
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 893ec2c0cc..e36f44ddfa 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -222,7 +222,7 @@ class session
// if the forwarded for header shall be checked we have to validate its contents
if ($config['forwarded_for_check'])
{
- $this->forwarded_for = preg_replace('#[ ]{2,}#', ' ', str_replace(array(',', ' '), ' ', $this->forwarded_for));
+ $this->forwarded_for = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->forwarded_for));
// split the list of IPs
$ips = explode(' ', $this->forwarded_for);
@@ -268,11 +268,11 @@ class session
// Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests
// it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip.
- $this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars((string) $_SERVER['REMOTE_ADDR']) : '';
- $this->ip = preg_replace('#[ ]{2,}#', ' ', str_replace(array(',', ' '), ' ', $this->ip));
+ $this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? (string) $_SERVER['REMOTE_ADDR'] : '';
+ $this->ip = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->ip));
// split the list of IPs
- $ips = explode(' ', $this->ip);
+ $ips = explode(' ', trim($this->ip));
// Default IP if REMOTE_ADDR is invalid
$this->ip = '127.0.0.1';
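Review bot: With `htmlspecialchars()` removed from the `REMOTE_ADDR` read, nothing in this hunk says why the raw server value is safe to keep in `$this->ip`. From the following hunk it appears that, after the `127.0.0.1` default, only values matching the `ipv4` or `ipv6` expressions are assigned, and that is the property later code depends on. A short comment would keep it from being undone, e.g. `// Not escaped: only addresses that pass the ipv4/ipv6 expressions below are stored in $this->ip`. The method starts and ends outside the hunk.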
@@ -297,26 +297,31 @@ class session
continue;
}
- // check IPv4 first, the IPv6 is hopefully only going to be used very seldomly
- if (!empty($ip) && !preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip))
+ if (preg_match(get_preg_expression('ipv4'), $ip))
{
- // Just break
- break;
+ $this->ip = $ip;
}
-
- // Quick check for IPv4-mapped address in IPv6
- if (stripos($ip, '::ffff:') === 0)
+ else if (preg_match(get_preg_expression('ipv6'), $ip))
{
- $ipv4 = substr($ip, 7);
-
- if (preg_match(get_preg_expression('ipv4'), $ipv4))
+ // Quick check for IPv4-mapped address in IPv6
+ if (stripos($ip, '::ffff:') === 0)
{
- $ip = $ipv4;
+ $ipv4 = substr($ip, 7);
+
+ if (preg_match(get_preg_expression('ipv4'), $ipv4))
+ {
+ $ip = $ipv4;
+ }
}
- }
- // Use the last in chain
- $this->ip = $ip;
+ $this->ip = $ip;
+ }
+ else
+ {
+ // We want to use the last valid address in the chain
+ // Leave foreach loop when address is invalid
+ break;
+ }
}
$this->load = false;
@@ -602,6 +607,7 @@ class session
// otherwise they'll index this page with the SID, duplicate content oh my!
if ($bot && isset($_GET['sid']))
{
+ send_status_line(301, 'Moved Permanently');
redirect(build_url(array('sid')));
}
@@ -1013,6 +1019,10 @@ class session
include($phpbb_root_path . "includes/captcha/captcha_factory." . $phpEx);
}
phpbb_captcha_factory::garbage_collect($config['captcha_plugin']);
+
+ $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
+ WHERE attempt_time < ' . (time() - (int) $config['ip_login_limit_time']);
+ $db->sql_query($sql);
}
return;
@@ -1251,6 +1261,12 @@ class session
$ip = $this->ip;
}
+ // Neither Spamhaus nor Spamcop supports IPv6 addresses.
+ if (strpos($ip, ':') !== false)
+ {
+ return false;
+ }
+
$dnsbl_check = array(
'sbl.spamhaus.org' => 'http://www.spamhaus.org/query/bl?ip=',
);
@@ -2287,9 +2303,44 @@ class user extends session
// Use URL if told so
$root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $phpbb_root_path;
- $img_data['src'] = $root_path . 'styles/' . rawurlencode($this->theme['imageset_path']) . '/imageset/' . ($this->img_array[$img]['image_lang'] ? $this->img_array[$img]['image_lang'] .'/' : '') . $this->img_array[$img]['image_filename'];
+ $path = 'styles/' . rawurlencode($this->theme['imageset_path']) . '/imageset/' . ($this->img_array[$img]['image_lang'] ? $this->img_array[$img]['image_lang'] .'/' : '') . $this->img_array[$img]['image_filename'];
+
+ $img_data['src'] = $root_path . $path;
$img_data['width'] = $this->img_array[$img]['image_width'];
$img_data['height'] = $this->img_array[$img]['image_height'];
+
+ // We overwrite the width and height to the phpbb logo's width
+ // and height here if the contents of the site_logo file are
+ // really equal to the phpbb_logo
+ // This allows us to change the dimensions of the phpbb_logo without
+ // modifying the imageset.cfg and causing a conflict for everyone
+ // who modified it for their custom logo on updating
+ if ($img == 'site_logo' && file_exists($phpbb_root_path . $path))
+ {
+ global $cache;
+
+ $img_file_hashes = $cache->get('imageset_site_logo_md5');
+
+ if ($img_file_hashes === false)
+ {
+ $img_file_hashes = array();
+ }
+
+ $key = $this->theme['imageset_path'] . '::' . $this->img_array[$img]['image_lang'];
+ if (!isset($img_file_hashes[$key]))
+ {
+ $img_file_hashes[$key] = md5(file_get_contents($phpbb_root_path . $path));
+ $cache->put('imageset_site_logo_md5', $img_file_hashes);
+ }
+
+ $phpbb_logo_hash = '0c461a32cd3621643105f0d02a772c10';
+
+ if ($phpbb_logo_hash == $img_file_hashes[$key])
+ {
+ $img_data['width'] = '149';
+ $img_data['height'] = '52';
+ }
+ }
}
$alt = (!empty($this->lang[$alt])) ? $this->lang[$alt] : $alt;
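Review bot: The hash stored under `imageset_site_logo_md5` is keyed only by imageset path and language, so once it is cached a replaced `site_logo` file is not hashed again; as far as this hunk shows, a board that swaps in its own logo after the first page view keeps the hard-coded 149x52 dimensions until the cache entry is dropped. `file_get_contents()` can also return false despite the `file_exists()` check, and the hash of that failed read would then be cached. I would skip the cache write on a failed read and compare strictly, `if ($phpbb_logo_hash === $img_file_hashes[$key])`. MD5 is used here only to recognise a known file, not as a security control. The enclosing method starts outside the hunk.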
diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php
new file mode 100644
index 0000000000..ca9665da29
--- /dev/null
+++ b/phpBB/includes/startup.php
@@ -0,0 +1,150 @@
+<?php
+/**
+*
+* @package phpBB3
+* @copyright (c) 2011 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+/**
+*/
+if (!defined('IN_PHPBB'))
+{
+ exit;
+}
+
+// Report all errors, except notices and deprecation messages
+if (!defined('E_DEPRECATED'))
+{
+ define('E_DEPRECATED', 8192);
+}
+error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);
+
+/*
+* Remove variables created by register_globals from the global scope
+* Thanks to Matt Kavanagh
+*/
+function deregister_globals()
+{
+ $not_unset = array(
+ 'GLOBALS' => true,
+ '_GET' => true,
+ '_POST' => true,
+ '_COOKIE' => true,
+ '_REQUEST' => true,
+ '_SERVER' => true,
+ '_SESSION' => true,
+ '_ENV' => true,
+ '_FILES' => true,
+ 'phpEx' => true,
+ 'phpbb_root_path' => true
+ );
+
+ // Not only will array_merge and array_keys give a warning if
+ // a parameter is not an array, array_merge will actually fail.
+ // So we check if _SESSION has been initialised.
+ if (!isset($_SESSION) || !is_array($_SESSION))
+ {
+ $_SESSION = array();
+ }
+
+ // Merge all into one extremely huge array; unset this later
+ $input = array_merge(
+ array_keys($_GET),
+ array_keys($_POST),
+ array_keys($_COOKIE),
+ array_keys($_SERVER),
+ array_keys($_SESSION),
+ array_keys($_ENV),
+ array_keys($_FILES)
+ );
+
+ foreach ($input as $varname)
+ {
+ if (isset($not_unset[$varname]))
+ {
+ // Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
+ if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
+ {
+ exit;
+ }
+ else
+ {
+ $cookie = &$_COOKIE;
+ while (isset($cookie['GLOBALS']))
+ {
+ if (!is_array($cookie['GLOBALS']))
+ {
+ break;
+ }
+
+ foreach ($cookie['GLOBALS'] as $registered_var => $value)
+ {
+ if (!isset($not_unset[$registered_var]))
+ {
+ unset($GLOBALS[$registered_var]);
+ }
+ }
+ $cookie = &$cookie['GLOBALS'];
+ }
+ }
+ }
+
+ unset($GLOBALS[$varname]);
+ }
+
+ unset($input);
+}
+
+// If we are on PHP >= 6.0.0 we do not need some code
+if (version_compare(PHP_VERSION, '6.0.0-dev', '>='))
+{
+ /**
+ * @ignore
+ */
+ define('STRIP', false);
+}
+else
+{
+ @set_magic_quotes_runtime(0);
+
+ // Be paranoid with passed vars
+ if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get'))
+ {
+ deregister_globals();
+ }
+
+ define('STRIP', (get_magic_quotes_gpc()) ? true : false);
+}
+
+// Prevent date/time functions from throwing E_WARNING on PHP 5.3 by setting a default timezone
+if (function_exists('date_default_timezone_set') && function_exists('date_default_timezone_get'))
+{
+ // For PHP 5.1.0 the date/time functions have been rewritten
+ // and setting a timezone is required prior to calling any date/time function.
+
+ // Since PHP 5.2.0 calls to date/time functions without having a timezone set
+ // result in E_STRICT errors being thrown.
+ // Note: We already exclude E_STRICT errors
+ // (to be exact: they are not included in E_ALL in PHP 5.2)
+
+ // In PHP 5.3.0 the error level has been raised to E_WARNING which causes problems
+ // because we show E_WARNING errors and do not set a default timezone.
+ // This is because we have our own timezone handling and work in UTC only anyway.
+
+ // So what we basically want to do is set our timezone to UTC,
+ // but we don't know what other scripts (such as bridges) are involved,
+ // so we check whether a timezone is already set by calling date_default_timezone_get().
+
+ // Unfortunately, date_default_timezone_get() itself might throw E_WARNING
+ // if no timezone has been set, so we have to keep it quiet with @.
+
+ // date_default_timezone_get() tries to guess the correct timezone first
+ // and then falls back to UTC when everything fails.
+ // We just set the timezone to whatever date_default_timezone_get() returns.
+ date_default_timezone_set(@date_default_timezone_get());
+}
+
+$starttime = explode(' ', microtime());
+$starttime = $starttime[1] + $starttime[0];
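Review bot: deregister_globals() unsets every global whose name matches a request, cookie, server, session, env or upload key and protects only the names in `$not_unset`, so its safety depends on this file running before any other global is assigned. That ordering requirement is not written down anywhere in the new file. I would add it to the function's comment, e.g. `* Must run before any global other than $phpEx and $phpbb_root_path is set; a global defined earlier can be unset by a request parameter of the same name.` The comment above the function also opens with `/*` rather than `/**`, so it is not treated as a docblock like the others in the file.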
diff --git a/phpBB/includes/ucp/ucp_activate.php b/phpBB/includes/ucp/ucp_activate.php
index c10516c769..34b0b6d879 100644
--- a/phpBB/includes/ucp/ucp_activate.php
+++ b/phpBB/includes/ucp/ucp_activate.php
@@ -98,6 +98,13 @@ class ucp_activate
SET user_actkey = ''
WHERE user_id = {$user_row['user_id']}";
$db->sql_query($sql);
+
+ // Create the correct logs
+ add_log('user', $user_row['user_id'], 'LOG_USER_ACTIVE_USER');
+ if ($auth->acl_get('a_user'))
+ {
+ add_log('admin', 'LOG_USER_ACTIVE', $user_row['username']);
+ }
}
if ($config['require_activation'] == USER_ACTIVATION_ADMIN && !$update_password)
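Review bot: The comment `// Create the correct logs` above the two `add_log()` calls does not say which actor each entry records, and this is the audit trail for account activation. The user-log entry is written unconditionally, while the admin-log entry is written only when the current session holds `a_user`. I would replace the comment with something like `// Audit trail: always record the activation in the user's log; add an admin log entry only when an administrator (a_user) performed it`. The enclosing block starts outside this hunk, so the conditions under which these calls are reached cannot be confirmed from here.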
diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php
index 84fa9b18dc..87d51ca613 100644
--- a/phpBB/includes/ucp/ucp_pm.php
+++ b/phpBB/includes/ucp/ucp_pm.php
@@ -115,7 +115,7 @@ class ucp_pm
case 'compose':
$action = request_var('action', 'post');
- get_folder($user->data['user_id']);
+ $user_folders = get_folder($user->data['user_id']);
if (!$auth->acl_get('u_sendpm'))
{
@@ -130,7 +130,7 @@ class ucp_pm
}
include($phpbb_root_path . 'includes/ucp/ucp_pm_compose.' . $phpEx);
- compose_pm($id, $mode, $action);
+ compose_pm($id, $mode, $action, $user_folders);
$tpl_file = 'posting_body';
break;
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php
index 07aa25d67b..92297c1490 100644
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -20,7 +20,7 @@ if (!defined('IN_PHPBB'))
* Compose private message
* Called from ucp_pm with mode == 'compose'
*/
-function compose_pm($id, $mode, $action)
+function compose_pm($id, $mode, $action, $user_folders = array())
{
global $template, $db, $auth, $user;
global $phpbb_root_path, $phpEx, $config;
@@ -130,6 +130,7 @@ function compose_pm($id, $mode, $action)
}
$sql = '';
+ $folder_id = 0;
// What is all this following SQL for? Well, we need to know
// some basic information in all cases before we do anything.
@@ -393,7 +394,7 @@ function compose_pm($id, $mode, $action)
unset($message_text);
$s_action = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&amp;mode=$mode&amp;action=$action", true, $user->session_id);
- $s_action .= ($msg_id) ? "&amp;p=$msg_id" : '';
+ $s_action .= (($folder_id) ? "&amp;f=$folder_id" : '') . (($msg_id) ? "&amp;p=$msg_id" : '');
// Delete triggered ?
if ($action == 'delete')
@@ -736,10 +737,30 @@ function compose_pm($id, $mode, $action)
$msg_id = submit_pm($action, $subject, $pm_data);
$return_message_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=view&amp;p=' . $msg_id);
- $return_folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=outbox');
- meta_refresh(3, $return_message_url);
+ $inbox_folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=inbox');
+ $outbox_folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=outbox');
+
+ $folder_url = '';
+ if (($folder_id > 0) && isset($user_folders[$folder_id]))
+ {
+ $folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=' . $folder_id);
+ }
+
+ $return_box_url = ($action === 'post' || $action === 'edit') ? $outbox_folder_url : $inbox_folder_url;
+ $return_box_lang = ($action === 'post' || $action === 'edit') ? 'PM_OUTBOX' : 'PM_INBOX';
+
- $message = $user->lang['MESSAGE_STORED'] . '<br /><br />' . sprintf($user->lang['VIEW_PRIVATE_MESSAGE'], '<a href="' . $return_message_url . '">', '</a>') . '<br /><br />' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '<a href="' . $return_folder_url . '">', '</a>', $user->lang['PM_OUTBOX']);
+ $message = $user->lang['MESSAGE_STORED'] . '<br /><br />' . sprintf($user->lang['VIEW_PRIVATE_MESSAGE'], '<a href="' . $return_message_url . '">', '</a>');
+
+ $last_click_type = 'CLICK_RETURN_FOLDER';
+ if ($folder_url)
+ {
+ $message .= '<br /><br />' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '<a href="' . $folder_url . '">', '</a>', $user_folders[$folder_id]['folder_name']);
+ $last_click_type = 'CLICK_GOTO_FOLDER';
+ }
+ $message .= '<br /><br />' . sprintf($user->lang[$last_click_type], '<a href="' . $return_box_url . '">', '</a>', $user->lang[$return_box_lang]);
+
+ meta_refresh(3, $return_message_url);
trigger_error($message);
}
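Review bot: `$user_folders[$folder_id]['folder_name']` is concatenated into the HTML confirmation message on the `CLICK_RETURN_FOLDER` line without visible output encoding. Folder names are presumably user-chosen, and nothing in this hunk shows they are already HTML-escaped. If `get_folder()` does not return escaped names, wrap the value in `htmlspecialchars()` before passing it to `sprintf()`. If it does, record the assumption with a comment such as `// folder_name is stored HTML-escaped; safe to output as-is`. The body of `compose_pm()` starts outside this hunk, so where `$folder_id` is assigned is not visible here.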
diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php
index 74a32a68c9..8b288f5de1 100644
--- a/phpBB/includes/ucp/ucp_pm_viewmessage.php
+++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php
@@ -59,6 +59,18 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
$bbcode = new bbcode($message_row['bbcode_bitfield']);
}
+ // Load the custom profile fields
+ if ($config['load_cpf_pm'])
+ {
+ if (!class_exists('custom_profile'))
+ {
+ include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
+ }
+ $cp = new custom_profile();
+
+ $profile_fields = $cp->generate_profile_fields_template('grab', $author_id);
+ }
+
// Assign TO/BCC Addresses to template
write_pm_addresses(array('to' => $message_row['to_address'], 'bcc' => $message_row['bcc_address']), $author_id);
@@ -174,6 +186,25 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
$bbcode_status = ($config['allow_bbcode'] && $config['auth_bbcode_pm'] && $auth->acl_get('u_pm_bbcode')) ? true : false;
+ // Get the profile fields template data
+ $cp_row = array();
+ if ($config['load_cpf_pm'] && isset($profile_fields[$author_id]))
+ {
+ // Filter the fields we don't want to show
+ foreach ($profile_fields[$author_id] as $used_ident => $profile_field)
+ {
+ if (!$profile_field['data']['field_show_on_pm'])
+ {
+ unset($profile_fields[$author_id][$used_ident]);
+ }
+ }
+
+ if (isset($profile_fields[$author_id]))
+ {
+ $cp_row = $cp->generate_profile_fields_template('show', false, $profile_fields[$author_id]);
+ }
+ }
+
$template->assign_vars(array(
'MESSAGE_AUTHOR_FULL' => get_username_string('full', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']),
'MESSAGE_AUTHOR_COLOUR' => get_username_string('colour', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']),
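Review bot: The second `isset($profile_fields[$author_id])` check, after the filtering loop, is always true. The `unset()` inside the loop removes individual fields but leaves the array itself in place, even when it is empty, so `generate_profile_fields_template('show', ...)` is still called with no fields. `if (!empty($profile_fields[$author_id]))` would express the intent. The `field_show_on_pm` filter decides which profile fields become visible in the PM view, so it deserves a comment such as `// Only fields flagged field_show_on_pm may be exposed in the PM view`. The body of `view_message()` continues outside this hunk.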
@@ -232,11 +263,23 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
'S_SPECIAL_FOLDER' => in_array($folder_id, array(PRIVMSGS_NO_BOX, PRIVMSGS_OUTBOX)),
'S_PM_RECIPIENTS' => $num_recipients,
'S_BBCODE_ALLOWED' => ($bbcode_status) ? 1 : 0,
+ 'S_CUSTOM_FIELDS' => (!empty($cp_row['row'])) ? true : false,
'U_PRINT_PM' => ($config['print_pm'] && $auth->acl_get('u_pm_printpm')) ? "$url&amp;f=$folder_id&amp;p=" . $message_row['msg_id'] . "&amp;view=print" : '',
'U_FORWARD_PM' => ($config['forward_pm'] && $auth->acl_get('u_sendpm') && $auth->acl_get('u_pm_forward')) ? "$url&amp;mode=compose&amp;action=forward&amp;f=$folder_id&amp;p=" . $message_row['msg_id'] : '')
);
+ // Display the custom profile fields
+ if (!empty($cp_row['row']))
+ {
+ $template->assign_vars($cp_row['row']);
+
+ foreach ($cp_row['blockrow'] as $cp_block_row)
+ {
+ $template->assign_block_vars('custom_fields', $cp_block_row);
+ }
+ }
+
// Display not already displayed Attachments for this post, we already parsed them. ;)
if (isset($attachments) && sizeof($attachments))
{