diff options
Diffstat (limited to 'phpBB')
45 files changed, 1419 insertions, 1156 deletions
diff --git a/phpBB/adm/style/acp_icons.html b/phpBB/adm/style/acp_icons.html index 373a7b890c..eca02d2798 100644 --- a/phpBB/adm/style/acp_icons.html +++ b/phpBB/adm/style/acp_icons.html @@ -243,8 +243,8 @@ <td style="text-align: center;">{items.EMOTION}</td> <!-- ENDIF --> <td style="text-align: right; white-space: nowrap;"> - <!-- IF items.S_FIRST_ROW and not PREVIOUS_PAGE -->{ICON_MOVE_UP_DISABLED}<!-- ELSE --><a href="{items.U_MOVE_UP}">{ICON_MOVE_UP}</a><!-- ENDIF --> - <!-- IF items.S_LAST_ROW and not NEXT_PAGE -->{ICON_MOVE_DOWN_DISABLED}<!-- ELSE --><a href="{items.U_MOVE_DOWN}">{ICON_MOVE_DOWN}</a><!-- ENDIF --> + <!-- IF items.S_FIRST_ROW and not U_PREVIOUS_PAGE -->{ICON_MOVE_UP_DISABLED}<!-- ELSE --><a href="{items.U_MOVE_UP}">{ICON_MOVE_UP}</a><!-- ENDIF --> + <!-- IF items.S_LAST_ROW and not U_NEXT_PAGE -->{ICON_MOVE_DOWN_DISABLED}<!-- ELSE --><a href="{items.U_MOVE_DOWN}">{ICON_MOVE_DOWN}</a><!-- ENDIF --> <a href="{items.U_EDIT}">{ICON_EDIT}</a> <a href="{items.U_DELETE}" data-ajax="row_delete">{ICON_DELETE}</a> </td> </tr> diff --git a/phpBB/config/auth_providers.yml b/phpBB/config/auth_providers.yml new file mode 100644 index 0000000000..bcc448e4d7 --- /dev/null +++ b/phpBB/config/auth_providers.yml @@ -0,0 +1,37 @@ +services: + auth.provider_collection: + class: phpbb_di_service_collection + arguments: + - @service_container + tags: + - { name: service_collection, tag: auth.provider } + auth.provider.db: + class: phpbb_auth_provider_db + arguments: + - @dbal.conn + - @config + - @request + - @user + - %core.root_path% + - %core.php_ext% + tags: + - { name: auth.provider } + auth.provider.apache: + class: phpbb_auth_provider_apache + arguments: + - @dbal.conn + - @config + - @request + - @user + - %core.root_path% + - %core.php_ext% + tags: + - { name: auth.provider } + auth.provider.ldap: + class: phpbb_auth_provider_ldap + arguments: + - @dbal.conn + - @config + - @user + tags: + - { name: auth.provider } diff --git a/phpBB/config/services.yml b/phpBB/config/services.yml index bb96953bcf..4b272c6abd 100644 --- a/phpBB/config/services.yml +++ b/phpBB/config/services.yml @@ -5,6 +5,7 @@ imports: - { resource: migrator.yml } - { resource: avatars.yml } - { resource: feed.yml } + - { resource: auth_providers.yml } services: auth: diff --git a/phpBB/docs/README.html b/phpBB/docs/README.html index 164c4a2f55..95a2f56825 100644 --- a/phpBB/docs/README.html +++ b/phpBB/docs/README.html @@ -34,7 +34,7 @@ <!-- BEGIN DOCUMENT --> - <p>Thank you for downloading phpBB3. This README will guide through the basics of installation and operation of phpBB3. Please ensure you read this and the accompanying documentation fully <strong>before</strong> proceeding with the installation.</p> + <p>Thank you for downloading phpBB3. This README will guide you through the basics of installation and operation of phpBB3. Please ensure you read this and the accompanying documentation fully <strong>before</strong> proceeding with the installation.</p> <h1>Readme</h1> @@ -61,7 +61,7 @@ </ol> </li> <li><a href="#status">Status of this version</a></li> - <li><a href="#bugs">Reporting Bugs</a> + <li><a href="#bugs">Reporting bugs</a> <ol style="list-style-type: lower-roman;"> <li><a href="#securitybugs">Security related bugs</a></li> </ol> @@ -84,12 +84,11 @@ <div class="inner"><span class="corners-top"><span></span></span> <div class="content"> - - <p>Installation, update and conversion instructions can be found in the <a href="INSTALL.html">INSTALL</a> document contained in this distribution. If you are intending to convert from a previous phpBB 2.0.x or 3.0.x installation we highly recommend you backup any existing data before proceeding!</p> + <p>Installation, update and conversion instructions can be found in the <a href="INSTALL.html">INSTALL</a> document in this directory. If you are intending on converting from a phpBB 2.0.x or 3.0.x installation we highly recommend that you backup any existing data before proceeding!</p> <p>Users of phpBB 3.0 and 3.1 Beta versions cannot directly update.</p> - <p>Please note that we won't support the following installation types:</p> + <p>Please note that we don't support the following installation types:</p> <ul> <li>Updates from phpBB 3.0 Beta versions to phpBB 3.0 RC1 and higher</li> <li>Updates from phpBB 3.1 Beta versions to phpBB 3.1 RC1 and higher</li> @@ -103,8 +102,8 @@ <li>Updates from phpBB 3.0 RC1 and 3.1 RC1 to the latest version</li> <li>Note: if using the <em>Automatic Update Package</em>, updates are supported from phpBB 3.0.2 onward. To update a pre-3.0.2 installation, first update to 3.0.2 and then update to the current version.</li> <li>Conversions from phpBB 2.0.x to the latest version</li> - <li>New installations of phpBB 3.0.x - always only the latest released version</li> - <li>New installations of phpBB 3.1.x - always only the latest released version</li> + <li>New installations of phpBB 3.0.x - only the latest released version</li> + <li>New installations of phpBB 3.1.x - only the latest released version</li> </ul> </div> @@ -131,7 +130,7 @@ <p>For more information about language packs, please see: <a href="http://www.phpbb.com/languages/">http://www.phpbb.com/languages/</a></p> - <p>This is the <em>official</em> location for all supported language sets. If you download a package from a 3rd party site you do so with the understanding that we cannot offer support. So please, do not ask for help in these cases!</p> + <p>This is the <em>official</em> location for all supported language sets. If you download a package from a 3rd party site you do so with the understanding that we cannot offer support. Please do not ask for support if you download a language pack from a 3rd party site.</p> <p>Installation of these packages is straightforward: simply download the required language pack, uncompress (unzip) it and via FTP transfer the included <code>language</code> and <code>styles</code> folders to the root of your board installation. The language can then be installed via the Administration Control Panel of your board: <code>System tab -> General Tasks -> Language packs</code>. A more detailed description of the process is in the Knowledge Base article, <a href="http://www.phpbb.com/kb/article/how-to-install-a-language-pack/">How to Install a Language Pack</a>.</p> @@ -175,15 +174,15 @@ <div class="content"> - <p>phpBB3 can seem a little daunting to new users in places, particularly with regard the permission system. The first thing you should do is check the <a href="FAQ.html">FAQ</a> which covers a few basic getting started questions. If you need additional help there are several places you should look.</p> + <p>phpBB3 can sometimes seem a little daunting to new users, particularly with regards to the permission system. The first thing you should do is check the <a href="FAQ.html">FAQ</a>, which covers a few basic getting started questions. If you need additional help there are several places you can find it.</p> <a name="docs"></a><h3>3.i. phpBB3 Documentation</h3> - <p>A comprehensive documentation is now available online and can be accessed from the following location:</p> + <p>Comprehensive documentation is now available on the phpBB website:</p> <p><a href="http://www.phpbb.com/support/documentation/3.0/">http://www.phpbb.com/support/documentation/3.0/</a></p> - <p>This covers everything from installation through setting permissions and managing users.</p> + <p>This covers everything from installation to setting permissions and managing users.</p> <a name="kb"></a><h3>3.ii. Knowledge Base</h3> @@ -197,7 +196,7 @@ <p><a href="http://www.phpbb.com/community/">http://www.phpbb.com/community/</a></p> - <p>If you do seek help via our forums please be sure to do a Search before posting. This may well save both you and us time and allow the developer, moderator and support groups to spend more time responding to people with unknown issues and problems. Please also remember that phpBB is an entirely volunteer effort, no one receives any compensation for the time they give, this includes moderators as well as developers. So please be respectful and mindful when awaiting responses.</p> + <p>If you do seek help via our forums please be sure to do a search before posting; if someone has experienced the issue before, then you may find that your question has already been answered. Please remember that phpBB is entirely staffed by volunteers, no one receives any compensation for the time they give, including moderators as well as developers; please be respectful and mindful when awaiting responses and receiving support.</p> <a name="irc"></a><h3>3.iv Internet Relay Chat</h3> @@ -268,7 +267,7 @@ <p>The relevant database type/version is listed within the administration control panel.</p> - <p>Please also be as detailed as you can in your report, if possible list the steps required to duplicate the problem. If you have a patch that fixes the issue, please attach it to the ticket or submit a pull request <a href="https://github.com/phpbb/phpbb3">on GitHub</a>.</p> + <p>Please be as detailed as you can in your report, and if possible, list the steps required to duplicate the problem. If you have a patch that fixes the issue, please attach it to the ticket or submit a pull request to our repository <a href="https://github.com/phpbb/phpbb3">on GitHub</a>.</p> <p>If you create a patch, it is very much appreciated (but not required) if you follow the phpBB coding guidelines. Please note that the coding guidelines are somewhat different between different versions of phpBB. For phpBB 3.1.x the coding guidelines may be found here: <a href="http://area51.phpbb.com/docs/31x/coding-guidelines.html">http://area51.phpbb.com/docs/31x/coding-guidelines.html</a></p> @@ -299,8 +298,8 @@ <p>This list is not complete but does represent those bugs which may affect users on a wider scale. Other bugs listed in the tracker have typically been shown to be limited to certain setups or methods of installation, updating and/or conversions.</p> <ul> - <li>Conversions may fail to complete on large boards under some hosts</li> - <li>Updates may fail to complete on large update sets under some hosts</li> + <li>Conversions may fail to complete on large boards under some hosts.</li> + <li>Updates may fail to complete on large update sets under some hosts.</li> <li>Smilies placed directly after bbcode tags will not get parsed. Smilies always need to be separated by spaces.</li> </ul> @@ -322,7 +321,7 @@ <p>phpBB 3.1.x takes advantage of new features added in PHP 5.3. We recommend that you upgrade to the latest stable release of PHP5 to run phpBB. The minimum version required is PHP 5.3.3.</p> - <p>Please remember that running any application on a developmental version of PHP can lead to strange/unexpected results which may appear to be bugs in the application (which may not be true). Therefore we recommend you upgrade to the newest stable version of PHP before running phpBB3. If you are running a developmental version of PHP please check any bugs you find on a system running a stable release before submitting.</p> + <p>Please remember that running any application on a development (unstable, e.g. a beta release) version of PHP can lead to strange/unexpected results which may appear to be bugs in the application. Therefore, we recommend you upgrade to the newest stable version of PHP before running phpBB3. If you are running a development version of PHP please check any bugs you find on a system running a stable release before submitting.</p> <p>This board has been developed and tested under Linux and Windows (amongst others) running Apache using MySQL 3.23, 4.x, 5.x, MSSQL Server 2000, PostgreSQL 8.x, Oracle 8, SQLite 2 and Firebird. Versions of PHP used range from 5.3.x to 5.4.x without problem.</p> diff --git a/phpBB/download/file.php b/phpBB/download/file.php index eee2090da0..cf7128b25b 100644 --- a/phpBB/download/file.php +++ b/phpBB/download/file.php @@ -279,7 +279,7 @@ else if ($download_id) phpbb_increment_downloads($db, $attachment['attach_id']); } - if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && ((strpos(strtolower($user->browser), 'msie') !== false) && (strpos(strtolower($user->browser), 'msie 8.0') === false))) + if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && (strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7)) { wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']); file_gc(); diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 6881e03fdb..24b913260b 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -522,84 +522,54 @@ class acp_board if ($mode == 'auth') { // Retrieve a list of auth plugins and check their config values - $auth_plugins = array(); + $auth_providers = $phpbb_container->get('auth.provider_collection'); - $dp = @opendir($phpbb_root_path . 'includes/auth'); - - if ($dp) + $updated_auth_settings = false; + $old_auth_config = array(); + foreach ($auth_providers as $provider) { - while (($file = readdir($dp)) !== false) + if ($fields = $provider->acp($this->new_config)) { - if (preg_match('#^auth_(.*?)\.' . $phpEx . '$#', $file)) + // Check if we need to create config fields for this plugin and save config when submit was pressed + foreach ($fields['config'] as $field) { - $auth_plugins[] = basename(preg_replace('#^auth_(.*?)\.' . $phpEx . '$#', '\1', $file)); - } - } - closedir($dp); + if (!isset($config[$field])) + { + set_config($field, ''); + } - sort($auth_plugins); - } + if (!isset($cfg_array[$field]) || strpos($field, 'legend') !== false) + { + continue; + } - $updated_auth_settings = false; - $old_auth_config = array(); - foreach ($auth_plugins as $method) - { - if ($method && file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx)) - { - include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); + $old_auth_config[$field] = $this->new_config[$field]; + $config_value = $cfg_array[$field]; + $this->new_config[$field] = $config_value; - $method = 'acp_' . $method; - if (function_exists($method)) - { - if ($fields = $method($this->new_config)) + if ($submit) { - // Check if we need to create config fields for this plugin and save config when submit was pressed - foreach ($fields['config'] as $field) - { - if (!isset($config[$field])) - { - set_config($field, ''); - } - - if (!isset($cfg_array[$field]) || strpos($field, 'legend') !== false) - { - continue; - } - - $old_auth_config[$field] = $this->new_config[$field]; - $config_value = $cfg_array[$field]; - $this->new_config[$field] = $config_value; - - if ($submit) - { - $updated_auth_settings = true; - set_config($field, $config_value); - } - } + $updated_auth_settings = true; + set_config($field, $config_value); } - unset($fields); } } + unset($fields); } if ($submit && (($cfg_array['auth_method'] != $this->new_config['auth_method']) || $updated_auth_settings)) { $method = basename($cfg_array['auth_method']); - if ($method && in_array($method, $auth_plugins)) + if (array_key_exists('auth.provider.' . $method, $auth_providers)) { - include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); - - $method = 'init_' . $method; - if (function_exists($method)) + $provider = $auth_providers['auth.provider.' . $method]; + if ($error = $provider->init()) { - if ($error = $method()) + foreach ($old_auth_config as $config_name => $config_value) { - foreach ($old_auth_config as $config_name => $config_value) - { - set_config($config_name, $config_value); - } - trigger_error($error . adm_back_link($this->u_action), E_USER_WARNING); + set_config($config_name, $config_value); } + trigger_error($error . adm_back_link($this->u_action), E_USER_WARNING); } set_config('auth_method', basename($cfg_array['auth_method'])); } @@ -683,24 +653,17 @@ class acp_board { $template->assign_var('S_AUTH', true); - foreach ($auth_plugins as $method) + foreach ($auth_providers as $provider) { - if ($method && file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx)) - { - $method = 'acp_' . $method; - if (function_exists($method)) - { - $fields = $method($this->new_config); + $fields = $provider->acp($this->new_config); - if ($fields['tpl']) - { - $template->assign_block_vars('auth_tpl', array( - 'TPL' => $fields['tpl']) - ); - } - unset($fields); - } + if ($fields['tpl']) + { + $template->assign_block_vars('auth_tpl', array( + 'TPL' => $fields['tpl'], + )); } + unset($fields); } } } @@ -710,25 +673,15 @@ class acp_board */ function select_auth_method($selected_method, $key = '') { - global $phpbb_root_path, $phpEx; + global $phpbb_root_path, $phpEx, $phpbb_container; $auth_plugins = array(); + $auth_providers = $phpbb_container->get('auth.provider_collection'); - $dp = @opendir($phpbb_root_path . 'includes/auth'); - - if (!$dp) + foreach($auth_providers as $key => $value) { - return ''; - } - - while (($file = readdir($dp)) !== false) - { - if (preg_match('#^auth_(.*?)\.' . $phpEx . '$#', $file)) - { - $auth_plugins[] = preg_replace('#^auth_(.*?)\.' . $phpEx . '$#', '\1', $file); - } + $auth_plugins[] = str_replace('auth.provider.', '', $key); } - closedir($dp); sort($auth_plugins); diff --git a/phpBB/includes/acp/acp_captcha.php b/phpBB/includes/acp/acp_captcha.php index c7c64ae56b..1a083c20ac 100644 --- a/phpBB/includes/acp/acp_captcha.php +++ b/phpBB/includes/acp/acp_captcha.php @@ -124,6 +124,8 @@ class acp_captcha 'CAPTCHA_PREVIEW_TPL' => $demo_captcha->get_demo_template($id), 'S_CAPTCHA_HAS_CONFIG' => $demo_captcha->has_config(), 'CAPTCHA_SELECT' => $captcha_select, + + 'U_ACTION' => $this->u_action, )); } } diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index 847ccfb3cc..c79699d465 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php @@ -591,7 +591,7 @@ class acp_groups $avatar = phpbb_get_group_avatar($group_row, 'GROUP_AVATAR', true); - if (!$update) + if (isset($phpbb_avatar_manager) && !$update) { // Merge any avatar errors into the primary error array $error = array_merge($error, $phpbb_avatar_manager->localize_errors($user, $avatar_error)); diff --git a/phpBB/includes/acp/acp_permission_roles.php b/phpBB/includes/acp/acp_permission_roles.php index 004187af84..e830479389 100644 --- a/phpBB/includes/acp/acp_permission_roles.php +++ b/phpBB/includes/acp/acp_permission_roles.php @@ -21,6 +21,7 @@ if (!defined('IN_PHPBB')) class acp_permission_roles { var $u_action; + protected $auth_admin; function main($id, $mode) { @@ -30,7 +31,7 @@ class acp_permission_roles include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx); include_once($phpbb_root_path . 'includes/acp/auth.' . $phpEx); - $auth_admin = new auth_admin(); + $this->auth_admin = new auth_admin(); $user->add_lang('acp/permissions'); add_permission_language(); @@ -210,7 +211,7 @@ class acp_permission_roles } // Now add the auth settings - $auth_admin->acl_set_role($role_id, $auth_settings); + $this->auth_admin->acl_set_role($role_id, $auth_settings); $role_name = (!empty($user->lang[$role_name])) ? $user->lang[$role_name] : $role_name; add_log('admin', 'LOG_' . strtoupper($permission_type) . 'ROLE_' . strtoupper($action), $role_name); @@ -343,7 +344,7 @@ class acp_permission_roles // Get users/groups/forums using this preset... if ($action == 'edit') { - $hold_ary = $auth_admin->get_role_mask($role_id); + $hold_ary = $this->auth_admin->get_role_mask($role_id); if (sizeof($hold_ary)) { @@ -354,7 +355,7 @@ class acp_permission_roles 'L_ROLE_ASSIGNED_TO' => sprintf($user->lang['ROLE_ASSIGNED_TO'], $role_name)) ); - $auth_admin->display_role_mask($hold_ary); + $this->auth_admin->display_role_mask($hold_ary); } } @@ -445,8 +446,8 @@ class acp_permission_roles 'S_DISPLAY_ROLE_MASK' => true) ); - $hold_ary = $auth_admin->get_role_mask($display_item); - $auth_admin->display_role_mask($hold_ary); + $hold_ary = $this->auth_admin->get_role_mask($display_item); + $this->auth_admin->display_role_mask($hold_ary); } } @@ -462,7 +463,7 @@ class acp_permission_roles $auth_options = array(0 => $auth_options); // Making use of auth_admin method here (we do not really want to change two similar code fragments) - auth_admin::build_permission_array($auth_options, $content_array, $categories, $key_sort_array); + $this->auth_admin->build_permission_array($auth_options, $content_array, $categories, $key_sort_array); $content_array = $content_array[0]; @@ -500,8 +501,6 @@ class acp_permission_roles { global $db; - $auth_admin = new auth_admin(); - // Get complete auth array $sql = 'SELECT auth_option, auth_option_id FROM ' . ACL_OPTIONS_TABLE . " @@ -529,19 +528,19 @@ class acp_permission_roles $db->sql_freeresult($result); // Get role assignments - $hold_ary = $auth_admin->get_role_mask($role_id); + $hold_ary = $this->auth_admin->get_role_mask($role_id); // Re-assign permissions foreach ($hold_ary as $forum_id => $forum_ary) { if (isset($forum_ary['users'])) { - $auth_admin->acl_set('user', $forum_id, $forum_ary['users'], $auth_settings, 0, false); + $this->auth_admin->acl_set('user', $forum_id, $forum_ary['users'], $auth_settings, 0, false); } if (isset($forum_ary['groups'])) { - $auth_admin->acl_set('group', $forum_id, $forum_ary['groups'], $auth_settings, 0, false); + $this->auth_admin->acl_set('group', $forum_id, $forum_ary['groups'], $auth_settings, 0, false); } } @@ -563,6 +562,6 @@ class acp_permission_roles WHERE role_id = ' . $role_id; $db->sql_query($sql); - $auth_admin->acl_clear_prefetch(); + $this->auth_admin->acl_clear_prefetch(); } } diff --git a/phpBB/includes/auth/auth.php b/phpBB/includes/auth/auth.php index 2535247571..279959974d 100644 --- a/phpBB/includes/auth/auth.php +++ b/phpBB/includes/auth/auth.php @@ -927,15 +927,14 @@ class phpbb_auth */ function login($username, $password, $autologin = false, $viewonline = 1, $admin = 0) { - global $config, $db, $user, $phpbb_root_path, $phpEx; + global $config, $db, $user, $phpbb_root_path, $phpEx, $phpbb_container; $method = trim(basename($config['auth_method'])); - include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); - $method = 'login_' . $method; - if (function_exists($method)) + $provider = $phpbb_container->get('auth.provider.' . $method); + if ($provider) { - $login = $method($username, $password, $user->ip, $user->browser, $user->forwarded_for); + $login = $provider->login($username, $password); // If the auth module wants us to create an empty profile do so and then treat the status as LOGIN_SUCCESS if ($login['status'] == LOGIN_SUCCESS_CREATE_PROFILE) diff --git a/phpBB/includes/auth/auth_apache.php b/phpBB/includes/auth/auth_apache.php deleted file mode 100644 index 10b288aa09..0000000000 --- a/phpBB/includes/auth/auth_apache.php +++ /dev/null @@ -1,247 +0,0 @@ -<?php -/** -* Apache auth plug-in for phpBB3 -* -* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him. -* -* @package login -* @copyright (c) 2005 phpBB Group -* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 -* -*/ - -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit; -} - -/** -* Checks whether the user is identified to apache -* Only allow changing authentication to apache if the user is identified -* Called in acp_board while setting authentication plugins -* -* @return boolean|string false if the user is identified and else an error message -*/ -function init_apache() -{ - global $user, $request; - - if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $user->data['username'] !== htmlspecialchars_decode($request->server('PHP_AUTH_USER'))) - { - return $user->lang['APACHE_SETUP_BEFORE_USE']; - } - return false; -} - -/** -* Login function -*/ -function login_apache(&$username, &$password) -{ - global $db, $request; - - // do not allow empty password - if (!$password) - { - return array( - 'status' => LOGIN_ERROR_PASSWORD, - 'error_msg' => 'NO_PASSWORD_SUPPLIED', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - if (!$username) - { - return array( - 'status' => LOGIN_ERROR_USERNAME, - 'error_msg' => 'LOGIN_ERROR_USERNAME', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) - { - return array( - 'status' => LOGIN_ERROR_EXTERNAL_AUTH, - 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - $php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER')); - $php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW')); - - if (!empty($php_auth_user) && !empty($php_auth_pw)) - { - if ($php_auth_user !== $username) - { - return array( - 'status' => LOGIN_ERROR_USERNAME, - 'error_msg' => 'LOGIN_ERROR_USERNAME', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type - FROM ' . USERS_TABLE . " - WHERE username = '" . $db->sql_escape($php_auth_user) . "'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if ($row) - { - // User inactive... - if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) - { - return array( - 'status' => LOGIN_ERROR_ACTIVE, - 'error_msg' => 'ACTIVE_ERROR', - 'user_row' => $row, - ); - } - - // Successful login... - return array( - 'status' => LOGIN_SUCCESS, - 'error_msg' => false, - 'user_row' => $row, - ); - } - - // this is the user's first login so create an empty profile - return array( - 'status' => LOGIN_SUCCESS_CREATE_PROFILE, - 'error_msg' => false, - 'user_row' => user_row_apache($php_auth_user, $php_auth_pw), - ); - } - - // Not logged into apache - return array( - 'status' => LOGIN_ERROR_EXTERNAL_AUTH, - 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE', - 'user_row' => array('user_id' => ANONYMOUS), - ); -} - -/** -* Autologin function -* -* @return array containing the user row or empty if no auto login should take place -*/ -function autologin_apache() -{ - global $db, $request; - - if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) - { - return array(); - } - - $php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER')); - $php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW')); - - if (!empty($php_auth_user) && !empty($php_auth_pw)) - { - set_var($php_auth_user, $php_auth_user, 'string', true); - set_var($php_auth_pw, $php_auth_pw, 'string', true); - - $sql = 'SELECT * - FROM ' . USERS_TABLE . " - WHERE username = '" . $db->sql_escape($php_auth_user) . "'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if ($row) - { - return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row; - } - - if (!function_exists('user_add')) - { - global $phpbb_root_path, $phpEx; - - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); - } - - // create the user if he does not exist yet - user_add(user_row_apache($php_auth_user, $php_auth_pw)); - - $sql = 'SELECT * - FROM ' . USERS_TABLE . " - WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($php_auth_user)) . "'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if ($row) - { - return $row; - } - } - - return array(); -} - -/** -* This function generates an array which can be passed to the user_add function in order to create a user -*/ -function user_row_apache($username, $password) -{ - global $db, $config, $user; - // first retrieve default group id - $sql = 'SELECT group_id - FROM ' . GROUPS_TABLE . " - WHERE group_name = '" . $db->sql_escape('REGISTERED') . "' - AND group_type = " . GROUP_SPECIAL; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if (!$row) - { - trigger_error('NO_GROUP'); - } - - // generate user account data - return array( - 'username' => $username, - 'user_password' => phpbb_hash($password), - 'user_email' => '', - 'group_id' => (int) $row['group_id'], - 'user_type' => USER_NORMAL, - 'user_ip' => $user->ip, - 'user_new' => ($config['new_member_post_limit']) ? 1 : 0, - ); -} - -/** -* The session validation function checks whether the user is still logged in -* -* @return boolean true if the given user is authenticated or false if the session should be closed -*/ -function validate_session_apache(&$user) -{ - global $request; - - // Check if PHP_AUTH_USER is set and handle this case - if ($request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) - { - $php_auth_user = $request->server('PHP_AUTH_USER'); - - return ($php_auth_user === $user['username']) ? true : false; - } - - // PHP_AUTH_USER is not set. A valid session is now determined by the user type (anonymous/bot or not) - if ($user['user_type'] == USER_IGNORE) - { - return true; - } - - return false; -} diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php deleted file mode 100644 index ac944532a5..0000000000 --- a/phpBB/includes/auth/auth_db.php +++ /dev/null @@ -1,289 +0,0 @@ -<?php -/** -* Database auth plug-in for phpBB3 -* -* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him. -* -* This is for authentication via the integrated user table -* -* @package login -* @copyright (c) 2005 phpBB Group -* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 -* -*/ - -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit; -} - -/** -* Login function -* -* @param string $username -* @param string $password -* @param string $ip IP address the login is taking place from. Used to -* limit the number of login attempts per IP address. -* @param string $browser The user agent used to login -* @param string $forwarded_for X_FORWARDED_FOR header sent with login request -* @return array A associative array of the format -* array( -* 'status' => status constant -* 'error_msg' => string -* 'user_row' => array -* ) -*/ -function login_db($username, $password, $ip = '', $browser = '', $forwarded_for = '') -{ - global $db, $config; - global $request; - - // Auth plugins get the password untrimmed. - // For compatibility we trim() here. - $password = trim($password); - - // do not allow empty password - if (!$password) - { - return array( - 'status' => LOGIN_ERROR_PASSWORD, - 'error_msg' => 'NO_PASSWORD_SUPPLIED', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - if (!$username) - { - return array( - 'status' => LOGIN_ERROR_USERNAME, - 'error_msg' => 'LOGIN_ERROR_USERNAME', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - $username_clean = utf8_clean_string($username); - - $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts - FROM ' . USERS_TABLE . " - WHERE username_clean = '" . $db->sql_escape($username_clean) . "'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if (($ip && !$config['ip_login_limit_use_forwarded']) || - ($forwarded_for && $config['ip_login_limit_use_forwarded'])) - { - $sql = 'SELECT COUNT(*) AS attempts - FROM ' . LOGIN_ATTEMPT_TABLE . ' - WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']); - if ($config['ip_login_limit_use_forwarded']) - { - $sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($forwarded_for) . "'"; - } - else - { - $sql .= " AND attempt_ip = '" . $db->sql_escape($ip) . "' "; - } - - $result = $db->sql_query($sql); - $attempts = (int) $db->sql_fetchfield('attempts'); - $db->sql_freeresult($result); - - $attempt_data = array( - 'attempt_ip' => $ip, - 'attempt_browser' => trim(substr($browser, 0, 149)), - 'attempt_forwarded_for' => $forwarded_for, - 'attempt_time' => time(), - 'user_id' => ($row) ? (int) $row['user_id'] : 0, - 'username' => $username, - 'username_clean' => $username_clean, - ); - $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data); - $result = $db->sql_query($sql); - } - else - { - $attempts = 0; - } - - if (!$row) - { - if ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']) - { - return array( - 'status' => LOGIN_ERROR_ATTEMPTS, - 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - return array( - 'status' => LOGIN_ERROR_USERNAME, - 'error_msg' => 'LOGIN_ERROR_USERNAME', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - $show_captcha = ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) || - ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']); - - // If there are too much login attempts, we need to check for an confirm image - // Every auth module is able to define what to do by itself... - if ($show_captcha) - { - // Visual Confirmation handling - if (!class_exists('phpbb_captcha_factory', false)) - { - global $phpbb_root_path, $phpEx; - include ($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx); - } - - $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']); - $captcha->init(CONFIRM_LOGIN); - $vc_response = $captcha->validate($row); - if ($vc_response) - { - return array( - 'status' => LOGIN_ERROR_ATTEMPTS, - 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', - 'user_row' => $row, - ); - } - else - { - $captcha->reset(); - } - - } - - // If the password convert flag is set we need to convert it - if ($row['user_pass_convert']) - { - // enable super globals to get literal value - // this is needed to prevent unicode normalization - $super_globals_disabled = $request->super_globals_disabled(); - if ($super_globals_disabled) - { - $request->enable_super_globals(); - } - - // in phpBB2 passwords were used exactly as they were sent, with addslashes applied - $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : ''; - $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format; - $password_new_format = $request->variable('password', '', true); - - if ($super_globals_disabled) - { - $request->disable_super_globals(); - } - - if ($password == $password_new_format) - { - if (!function_exists('utf8_to_cp1252')) - { - global $phpbb_root_path, $phpEx; - include($phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx); - } - - // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding - // plain md5 support left in for conversions from other systems. - if ((strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password']))) - || (strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password']))) - { - $hash = phpbb_hash($password_new_format); - - // Update the password in the users table to the new format and remove user_pass_convert flag - $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_password = \'' . $db->sql_escape($hash) . '\', - user_pass_convert = 0 - WHERE user_id = ' . $row['user_id']; - $db->sql_query($sql); - - $row['user_pass_convert'] = 0; - $row['user_password'] = $hash; - } - else - { - // Although we weren't able to convert this password we have to - // increase login attempt count to make sure this cannot be exploited - $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_login_attempts = user_login_attempts + 1 - WHERE user_id = ' . (int) $row['user_id'] . ' - AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; - $db->sql_query($sql); - - return array( - 'status' => LOGIN_ERROR_PASSWORD_CONVERT, - 'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT', - 'user_row' => $row, - ); - } - } - } - - // Check password ... - if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password'])) - { - // Check for old password hash... - if (strlen($row['user_password']) == 32) - { - $hash = phpbb_hash($password); - - // Update the password in the users table to the new format - $sql = 'UPDATE ' . USERS_TABLE . " - SET user_password = '" . $db->sql_escape($hash) . "', - user_pass_convert = 0 - WHERE user_id = {$row['user_id']}"; - $db->sql_query($sql); - - $row['user_password'] = $hash; - } - - $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . ' - WHERE user_id = ' . $row['user_id']; - $db->sql_query($sql); - - if ($row['user_login_attempts'] != 0) - { - // Successful, reset login attempts (the user passed all stages) - $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_login_attempts = 0 - WHERE user_id = ' . $row['user_id']; - $db->sql_query($sql); - } - - // User inactive... - if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) - { - return array( - 'status' => LOGIN_ERROR_ACTIVE, - 'error_msg' => 'ACTIVE_ERROR', - 'user_row' => $row, - ); - } - - // Successful login... set user_login_attempts to zero... - return array( - 'status' => LOGIN_SUCCESS, - 'error_msg' => false, - 'user_row' => $row, - ); - } - - // Password incorrect - increase login attempts - $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_login_attempts = user_login_attempts + 1 - WHERE user_id = ' . (int) $row['user_id'] . ' - AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; - $db->sql_query($sql); - - // Give status about wrong password... - return array( - 'status' => ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD, - 'error_msg' => ($show_captcha) ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD', - 'user_row' => $row, - ); -} diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php deleted file mode 100644 index 98355dd044..0000000000 --- a/phpBB/includes/auth/auth_ldap.php +++ /dev/null @@ -1,350 +0,0 @@ -<?php -/** -* -* LDAP auth plug-in for phpBB3 -* -* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him. -* -* @package login -* @copyright (c) 2005 phpBB Group -* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 -* -*/ - -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit; -} - -/** -* Connect to ldap server -* Only allow changing authentication to ldap if we can connect to the ldap server -* Called in acp_board while setting authentication plugins -*/ -function init_ldap() -{ - global $config, $user; - - if (!@extension_loaded('ldap')) - { - return $user->lang['LDAP_NO_LDAP_EXTENSION']; - } - - $config['ldap_port'] = (int) $config['ldap_port']; - if ($config['ldap_port']) - { - $ldap = @ldap_connect($config['ldap_server'], $config['ldap_port']); - } - else - { - $ldap = @ldap_connect($config['ldap_server']); - } - - if (!$ldap) - { - return $user->lang['LDAP_NO_SERVER_CONNECTION']; - } - - @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); - @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); - - if ($config['ldap_user'] || $config['ldap_password']) - { - if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password']))) - { - return $user->lang['LDAP_INCORRECT_USER_PASSWORD']; - } - } - - // ldap_connect only checks whether the specified server is valid, so the connection might still fail - $search = @ldap_search( - $ldap, - htmlspecialchars_decode($config['ldap_base_dn']), - ldap_user_filter($user->data['username']), - (empty($config['ldap_email'])) ? - array(htmlspecialchars_decode($config['ldap_uid'])) : - array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])), - 0, - 1 - ); - - if ($search === false) - { - return $user->lang['LDAP_SEARCH_FAILED']; - } - - $result = @ldap_get_entries($ldap, $search); - - @ldap_close($ldap); - - - if (!is_array($result) || sizeof($result) < 2) - { - return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']); - } - - if (!empty($config['ldap_email']) && !isset($result[0][htmlspecialchars_decode($config['ldap_email'])])) - { - return $user->lang['LDAP_NO_EMAIL']; - } - - return false; -} - -/** -* Login function -*/ -function login_ldap(&$username, &$password) -{ - global $db, $config, $user; - - // do not allow empty password - if (!$password) - { - return array( - 'status' => LOGIN_ERROR_PASSWORD, - 'error_msg' => 'NO_PASSWORD_SUPPLIED', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - if (!$username) - { - return array( - 'status' => LOGIN_ERROR_USERNAME, - 'error_msg' => 'LOGIN_ERROR_USERNAME', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - if (!@extension_loaded('ldap')) - { - return array( - 'status' => LOGIN_ERROR_EXTERNAL_AUTH, - 'error_msg' => 'LDAP_NO_LDAP_EXTENSION', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - $config['ldap_port'] = (int) $config['ldap_port']; - if ($config['ldap_port']) - { - $ldap = @ldap_connect($config['ldap_server'], $config['ldap_port']); - } - else - { - $ldap = @ldap_connect($config['ldap_server']); - } - - if (!$ldap) - { - return array( - 'status' => LOGIN_ERROR_EXTERNAL_AUTH, - 'error_msg' => 'LDAP_NO_SERVER_CONNECTION', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); - @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); - - if ($config['ldap_user'] || $config['ldap_password']) - { - if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password']))) - { - return array( - 'status' => LOGIN_ERROR_EXTERNAL_AUTH, - 'error_msg' => 'LDAP_NO_SERVER_CONNECTION', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - } - - $search = @ldap_search( - $ldap, - htmlspecialchars_decode($config['ldap_base_dn']), - ldap_user_filter($username), - (empty($config['ldap_email'])) ? - array(htmlspecialchars_decode($config['ldap_uid'])) : - array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])), - 0, - 1 - ); - - $ldap_result = @ldap_get_entries($ldap, $search); - - if (is_array($ldap_result) && sizeof($ldap_result) > 1) - { - if (@ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password))) - { - @ldap_close($ldap); - - $sql ='SELECT user_id, username, user_password, user_passchg, user_email, user_type - FROM ' . USERS_TABLE . " - WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if ($row) - { - unset($ldap_result); - - // User inactive... - if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) - { - return array( - 'status' => LOGIN_ERROR_ACTIVE, - 'error_msg' => 'ACTIVE_ERROR', - 'user_row' => $row, - ); - } - - // Successful login... set user_login_attempts to zero... - return array( - 'status' => LOGIN_SUCCESS, - 'error_msg' => false, - 'user_row' => $row, - ); - } - else - { - // retrieve default group id - $sql = 'SELECT group_id - FROM ' . GROUPS_TABLE . " - WHERE group_name = '" . $db->sql_escape('REGISTERED') . "' - AND group_type = " . GROUP_SPECIAL; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if (!$row) - { - trigger_error('NO_GROUP'); - } - - // generate user account data - $ldap_user_row = array( - 'username' => $username, - 'user_password' => phpbb_hash($password), - 'user_email' => (!empty($config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($config['ldap_email'])][0]) : '', - 'group_id' => (int) $row['group_id'], - 'user_type' => USER_NORMAL, - 'user_ip' => $user->ip, - 'user_new' => ($config['new_member_post_limit']) ? 1 : 0, - ); - - unset($ldap_result); - - // this is the user's first login so create an empty profile - return array( - 'status' => LOGIN_SUCCESS_CREATE_PROFILE, - 'error_msg' => false, - 'user_row' => $ldap_user_row, - ); - } - } - else - { - unset($ldap_result); - @ldap_close($ldap); - - // Give status about wrong password... - return array( - 'status' => LOGIN_ERROR_PASSWORD, - 'error_msg' => 'LOGIN_ERROR_PASSWORD', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - } - - @ldap_close($ldap); - - return array( - 'status' => LOGIN_ERROR_USERNAME, - 'error_msg' => 'LOGIN_ERROR_USERNAME', - 'user_row' => array('user_id' => ANONYMOUS), - ); -} - -/** -* Generates a filter string for ldap_search to find a user -* -* @param $username string Username identifying the searched user -* -* @return string A filter string for ldap_search -*/ -function ldap_user_filter($username) -{ - global $config; - - $filter = '(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($username)) . ')'; - if ($config['ldap_user_filter']) - { - $_filter = ($config['ldap_user_filter'][0] == '(' && substr($config['ldap_user_filter'], -1) == ')') ? $config['ldap_user_filter'] : "({$config['ldap_user_filter']})"; - $filter = "(&{$filter}{$_filter})"; - } - return $filter; -} - -/** -* Escapes an LDAP AttributeValue -*/ -function ldap_escape($string) -{ - return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string); -} - -/** -* This function is used to output any required fields in the authentication -* admin panel. It also defines any required configuration table fields. -*/ -function acp_ldap(&$new) -{ - global $user; - - $tpl = ' - - <dl> - <dt><label for="ldap_server">' . $user->lang['LDAP_SERVER'] . $user->lang['COLON'] . '</label><br /><span>' . $user->lang['LDAP_SERVER_EXPLAIN'] . '</span></dt> - <dd><input type="text" id="ldap_server" size="40" name="config[ldap_server]" value="' . $new['ldap_server'] . '" /></dd> - </dl> - <dl> - <dt><label for="ldap_port">' . $user->lang['LDAP_PORT'] . $user->lang['COLON'] . '</label><br /><span>' . $user->lang['LDAP_PORT_EXPLAIN'] . '</span></dt> - <dd><input type="text" id="ldap_port" size="40" name="config[ldap_port]" value="' . $new['ldap_port'] . '" /></dd> - </dl> - <dl> - <dt><label for="ldap_dn">' . $user->lang['LDAP_DN'] . $user->lang['COLON'] . '</label><br /><span>' . $user->lang['LDAP_DN_EXPLAIN'] . '</span></dt> - <dd><input type="text" id="ldap_dn" size="40" name="config[ldap_base_dn]" value="' . $new['ldap_base_dn'] . '" /></dd> - </dl> - <dl> - <dt><label for="ldap_uid">' . $user->lang['LDAP_UID'] . $user->lang['COLON'] . '</label><br /><span>' . $user->lang['LDAP_UID_EXPLAIN'] . '</span></dt> - <dd><input type="text" id="ldap_uid" size="40" name="config[ldap_uid]" value="' . $new['ldap_uid'] . '" /></dd> - </dl> - <dl> - <dt><label for="ldap_user_filter">' . $user->lang['LDAP_USER_FILTER'] . $user->lang['COLON'] . '</label><br /><span>' . $user->lang['LDAP_USER_FILTER_EXPLAIN'] . '</span></dt> - <dd><input type="text" id="ldap_user_filter" size="40" name="config[ldap_user_filter]" value="' . $new['ldap_user_filter'] . '" /></dd> - </dl> - <dl> - <dt><label for="ldap_email">' . $user->lang['LDAP_EMAIL'] . $user->lang['COLON'] . '</label><br /><span>' . $user->lang['LDAP_EMAIL_EXPLAIN'] . '</span></dt> - <dd><input type="email" id="ldap_email" size="40" name="config[ldap_email]" value="' . $new['ldap_email'] . '" /></dd> - </dl> - <dl> - <dt><label for="ldap_user">' . $user->lang['LDAP_USER'] . $user->lang['COLON'] . '</label><br /><span>' . $user->lang['LDAP_USER_EXPLAIN'] . '</span></dt> - <dd><input type="text" id="ldap_user" size="40" name="config[ldap_user]" value="' . $new['ldap_user'] . '" /></dd> - </dl> - <dl> - <dt><label for="ldap_password">' . $user->lang['LDAP_PASSWORD'] . $user->lang['COLON'] . '</label><br /><span>' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '</span></dt> - <dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" autocomplete="off" /></dd> - </dl> - '; - - // These are fields required in the config table - return array( - 'tpl' => $tpl, - 'config' => array('ldap_server', 'ldap_port', 'ldap_base_dn', 'ldap_uid', 'ldap_user_filter', 'ldap_email', 'ldap_user', 'ldap_password') - ); -} diff --git a/phpBB/includes/auth/provider_apache.php b/phpBB/includes/auth/provider_apache.php new file mode 100644 index 0000000000..5f6f2862b6 --- /dev/null +++ b/phpBB/includes/auth/provider_apache.php @@ -0,0 +1,275 @@ +<?php +/** +* +* @package auth +* @copyright (c) 2013 phpBB Group +* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 +* +*/ + +/** +* @ignore +*/ +if (!defined('IN_PHPBB')) +{ + exit; +} + +/** + * Apache authentication provider for phpBB3 + * + * @package auth + */ +class phpbb_auth_provider_apache implements phpbb_auth_provider_interface +{ + /** + * Apache Authentication Constructor + * + * @param phpbb_db_driver $db + * @param phpbb_config $config + * @param phpbb_request $request + * @param phpbb_user $user + * @param string $phpbb_root_path + * @param string $php_ext + */ + public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $phpbb_root_path, $php_ext) + { + $this->db = $db; + $this->config = $config; + $this->request = $request; + $this->user = $user; + $this->phpbb_root_path = $phpbb_root_path; + $this->php_ext = $php_ext; + } + + /** + * {@inheritdoc} + */ + public function init() + { + if (!$this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $this->user->data['username'] !== htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'))) + { + return $this->user->lang['APACHE_SETUP_BEFORE_USE']; + } + return false; + } + + /** + * {@inheritdoc} + */ + public function login($username, $password) + { + // do not allow empty password + if (!$password) + { + return array( + 'status' => LOGIN_ERROR_PASSWORD, + 'error_msg' => 'NO_PASSWORD_SUPPLIED', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + if (!$username) + { + return array( + 'status' => LOGIN_ERROR_USERNAME, + 'error_msg' => 'LOGIN_ERROR_USERNAME', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + if (!$this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) + { + return array( + 'status' => LOGIN_ERROR_EXTERNAL_AUTH, + 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + $php_auth_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER')); + $php_auth_pw = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW')); + + if (!empty($php_auth_user) && !empty($php_auth_pw)) + { + if ($php_auth_user !== $username) + { + return array( + 'status' => LOGIN_ERROR_USERNAME, + 'error_msg' => 'LOGIN_ERROR_USERNAME', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type + FROM ' . USERS_TABLE . " + WHERE username = '" . $this->db->sql_escape($php_auth_user) . "'"; + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); + + if ($row) + { + // User inactive... + if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) + { + return array( + 'status' => LOGIN_ERROR_ACTIVE, + 'error_msg' => 'ACTIVE_ERROR', + 'user_row' => $row, + ); + } + + // Successful login... + return array( + 'status' => LOGIN_SUCCESS, + 'error_msg' => false, + 'user_row' => $row, + ); + } + + // this is the user's first login so create an empty profile + return array( + 'status' => LOGIN_SUCCESS_CREATE_PROFILE, + 'error_msg' => false, + 'user_row' => user_row_apache($php_auth_user, $php_auth_pw), + ); + } + + // Not logged into apache + return array( + 'status' => LOGIN_ERROR_EXTERNAL_AUTH, + 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + /** + * {@inheritdoc} + */ + public function autologin() + { + if (!$this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) + { + return array(); + } + + $php_auth_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER')); + $php_auth_pw = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW')); + + if (!empty($php_auth_user) && !empty($php_auth_pw)) + { + set_var($php_auth_user, $php_auth_user, 'string', true); + set_var($php_auth_pw, $php_auth_pw, 'string', true); + + $sql = 'SELECT * + FROM ' . USERS_TABLE . " + WHERE username = '" . $this->db->sql_escape($php_auth_user) . "'"; + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); + + if ($row) + { + return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row; + } + + if (!function_exists('user_add')) + { + include($this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext); + } + + // create the user if he does not exist yet + user_add(user_row_apache($php_auth_user, $php_auth_pw)); + + $sql = 'SELECT * + FROM ' . USERS_TABLE . " + WHERE username_clean = '" . $this->db->sql_escape(utf8_clean_string($php_auth_user)) . "'"; + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); + + if ($row) + { + return $row; + } + } + + return array(); + } + + /** + * This function generates an array which can be passed to the user_add + * function in order to create a user + * + * @param string $username The username of the new user. + * @param string $password The password of the new user. + * @return array Contains data that can be passed directly to + * the user_add function. + */ + private function user_row($username, $password) + { + // first retrieve default group id + $sql = 'SELECT group_id + FROM ' . GROUPS_TABLE . " + WHERE group_name = '" . $this->db->sql_escape('REGISTERED') . "' + AND group_type = " . GROUP_SPECIAL; + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); + + if (!$row) + { + trigger_error('NO_GROUP'); + } + + // generate user account data + return array( + 'username' => $username, + 'user_password' => phpbb_hash($password), + 'user_email' => '', + 'group_id' => (int) $row['group_id'], + 'user_type' => USER_NORMAL, + 'user_ip' => $this->user->ip, + 'user_new' => ($this->config['new_member_post_limit']) ? 1 : 0, + ); + } + + /** + * {@inheritdoc} + */ + public function validate_session($user) + { + // Check if PHP_AUTH_USER is set and handle this case + if ($this->request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) + { + $php_auth_user = $this->request->server('PHP_AUTH_USER'); + + return ($php_auth_user === $user['username']) ? true : false; + } + + // PHP_AUTH_USER is not set. A valid session is now determined by the user type (anonymous/bot or not) + if ($user['user_type'] == USER_IGNORE) + { + return true; + } + + return false; + } + + /** + * {@inheritdoc} + */ + public function acp($new) + { + return; + } + + /** + * {@inheritdoc} + */ + public function logout($data, $new_session) + { + return; + } +} diff --git a/phpBB/includes/auth/provider_db.php b/phpBB/includes/auth/provider_db.php new file mode 100644 index 0000000000..894041c9cf --- /dev/null +++ b/phpBB/includes/auth/provider_db.php @@ -0,0 +1,337 @@ +<?php +/** +* +* @package auth +* @copyright (c) 2013 phpBB Group +* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 +* +*/ + +/** +* @ignore +*/ +if (!defined('IN_PHPBB')) +{ + exit; +} + +/** + * Database authentication provider for phpBB3 + * + * This is for authentication via the integrated user table + * + * @package auth + */ +class phpbb_auth_provider_db implements phpbb_auth_provider_interface +{ + + /** + * Database Authentication Constructor + * + * @param phpbb_db_driver $db + * @param phpbb_config $config + * @param phpbb_request $request + * @param phpbb_user $user + * @param string $phpbb_root_path + * @param string $php_ext + */ + public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $phpbb_root_path, $php_ext) + { + $this->db = $db; + $this->config = $config; + $this->request = $request; + $this->user = $user; + $this->phpbb_root_path = $phpbb_root_path; + $this->php_ext = $php_ext; + } + + /** + * {@inheritdoc} + */ + public function init() + { + return; + } + + /** + * {@inheritdoc} + */ + public function login($username, $password) + { + // Auth plugins get the password untrimmed. + // For compatibility we trim() here. + $password = trim($password); + + // do not allow empty password + if (!$password) + { + return array( + 'status' => LOGIN_ERROR_PASSWORD, + 'error_msg' => 'NO_PASSWORD_SUPPLIED', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + if (!$username) + { + return array( + 'status' => LOGIN_ERROR_USERNAME, + 'error_msg' => 'LOGIN_ERROR_USERNAME', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + $username_clean = utf8_clean_string($username); + + $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts + FROM ' . USERS_TABLE . " + WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'"; + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); + + if (($this->user->ip && !$this->config['ip_login_limit_use_forwarded']) || + ($this->user->forwarded_for && $this->config['ip_login_limit_use_forwarded'])) + { + $sql = 'SELECT COUNT(*) AS attempts + FROM ' . LOGIN_ATTEMPT_TABLE . ' + WHERE attempt_time > ' . (time() - (int) $this->config['ip_login_limit_time']); + if ($this->config['ip_login_limit_use_forwarded']) + { + $sql .= " AND attempt_forwarded_for = '" . $this->db->sql_escape($this->user->forwarded_for) . "'"; + } + else + { + $sql .= " AND attempt_ip = '" . $this->db->sql_escape($this->user->ip) . "' "; + } + + $result = $this->db->sql_query($sql); + $attempts = (int) $this->db->sql_fetchfield('attempts'); + $this->db->sql_freeresult($result); + + $attempt_data = array( + 'attempt_ip' => $this->user->ip, + 'attempt_browser' => trim(substr($this->user->browser, 0, 149)), + 'attempt_forwarded_for' => $this->user->forwarded_for, + 'attempt_time' => time(), + 'user_id' => ($row) ? (int) $row['user_id'] : 0, + 'username' => $username, + 'username_clean' => $username_clean, + ); + $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $this->db->sql_build_array('INSERT', $attempt_data); + $result = $this->db->sql_query($sql); + } + else + { + $attempts = 0; + } + + if (!$row) + { + if ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max']) + { + return array( + 'status' => LOGIN_ERROR_ATTEMPTS, + 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + return array( + 'status' => LOGIN_ERROR_USERNAME, + 'error_msg' => 'LOGIN_ERROR_USERNAME', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + $show_captcha = ($this->config['max_login_attempts'] && $row['user_login_attempts'] >= $this->config['max_login_attempts']) || + ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max']); + + // If there are too many login attempts, we need to check for a confirm image + // Every auth module is able to define what to do by itself... + if ($show_captcha) + { + // Visual Confirmation handling + if (!class_exists('phpbb_captcha_factory', false)) + { + include ($this->phpbb_root_path . 'includes/captcha/captcha_factory.' . $this->php_ext); + } + + $captcha = phpbb_captcha_factory::get_instance($this->config['captcha_plugin']); + $captcha->init(CONFIRM_LOGIN); + $vc_response = $captcha->validate($row); + if ($vc_response) + { + return array( + 'status' => LOGIN_ERROR_ATTEMPTS, + 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', + 'user_row' => $row, + ); + } + else + { + $captcha->reset(); + } + + } + + // If the password convert flag is set we need to convert it + if ($row['user_pass_convert']) + { + // enable super globals to get literal value + // this is needed to prevent unicode normalization + $super_globals_disabled = $this->request->super_globals_disabled(); + if ($super_globals_disabled) + { + $this->request->enable_super_globals(); + } + + // in phpBB2 passwords were used exactly as they were sent, with addslashes applied + $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : ''; + $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format; + $password_new_format = $this->request->variable('password', '', true); + + if ($super_globals_disabled) + { + $this->request->disable_super_globals(); + } + + if ($password == $password_new_format) + { + if (!function_exists('utf8_to_cp1252')) + { + include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->php_ext); + } + + // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding + // plain md5 support left in for conversions from other systems. + if ((strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password']))) + || (strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password']))) + { + $hash = phpbb_hash($password_new_format); + + // Update the password in the users table to the new format and remove user_pass_convert flag + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_password = \'' . $this->db->sql_escape($hash) . '\', + user_pass_convert = 0 + WHERE user_id = ' . $row['user_id']; + $this->db->sql_query($sql); + + $row['user_pass_convert'] = 0; + $row['user_password'] = $hash; + } + else + { + // Although we weren't able to convert this password we have to + // increase login attempt count to make sure this cannot be exploited + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_login_attempts = user_login_attempts + 1 + WHERE user_id = ' . (int) $row['user_id'] . ' + AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; + $this->db->sql_query($sql); + + return array( + 'status' => LOGIN_ERROR_PASSWORD_CONVERT, + 'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT', + 'user_row' => $row, + ); + } + } + } + + // Check password ... + if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password'])) + { + // Check for old password hash... + if (strlen($row['user_password']) == 32) + { + $hash = phpbb_hash($password); + + // Update the password in the users table to the new format + $sql = 'UPDATE ' . USERS_TABLE . " + SET user_password = '" . $this->db->sql_escape($hash) . "', + user_pass_convert = 0 + WHERE user_id = {$row['user_id']}"; + $this->db->sql_query($sql); + + $row['user_password'] = $hash; + } + + $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . ' + WHERE user_id = ' . $row['user_id']; + $this->db->sql_query($sql); + + if ($row['user_login_attempts'] != 0) + { + // Successful, reset login attempts (the user passed all stages) + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_login_attempts = 0 + WHERE user_id = ' . $row['user_id']; + $this->db->sql_query($sql); + } + + // User inactive... + if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) + { + return array( + 'status' => LOGIN_ERROR_ACTIVE, + 'error_msg' => 'ACTIVE_ERROR', + 'user_row' => $row, + ); + } + + // Successful login... set user_login_attempts to zero... + return array( + 'status' => LOGIN_SUCCESS, + 'error_msg' => false, + 'user_row' => $row, + ); + } + + // Password incorrect - increase login attempts + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_login_attempts = user_login_attempts + 1 + WHERE user_id = ' . (int) $row['user_id'] . ' + AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; + $this->db->sql_query($sql); + + // Give status about wrong password... + return array( + 'status' => ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD, + 'error_msg' => ($show_captcha) ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD', + 'user_row' => $row, + ); + } + + /** + * {@inheritdoc} + */ + public function autologin() + { + return; + } + + /** + * {@inheritdoc} + */ + public function acp($new) + { + return; + } + + /** + * {@inheritdoc} + */ + public function logout($data, $new_session) + { + return; + } + + /** + * {@inheritdoc} + */ + public function validate_session($user) + { + return; + } +} diff --git a/phpBB/includes/auth/provider_interface.php b/phpBB/includes/auth/provider_interface.php new file mode 100644 index 0000000000..2d1935f8f0 --- /dev/null +++ b/phpBB/includes/auth/provider_interface.php @@ -0,0 +1,93 @@ +<?php +/** +* +* @package auth +* @copyright (c) 2013 phpBB Group +* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 +* +*/ + +/** +* @ignore +*/ +if (!defined('IN_PHPBB')) +{ + exit; +} + +/** + * The interface authentication provider classes have to implement. + * + * @package auth + */ +interface phpbb_auth_provider_interface +{ + /** + * Checks whether the user is currently identified to the authentication + * provider. + * Called in acp_board while setting authentication plugins. + * Changing to an authentication provider will not be permitted in acp_board + * if there is an error. + * + * @return boolean|string False if the user is identified, otherwise an + * error message, or null if not implemented. + */ + public function init(); + + /** + * Performs login. + * + * @param string $username The name of the user being authenticated. + * @param string $password The password of the user. + * @return array An associative array of the format: + * array( + * 'status' => status constant + * 'error_msg' => string + * 'user_row' => array + * ) + */ + public function login($username, $password); + + /** + * Autologin function + * + * @return array|null containing the user row, empty if no auto login + * should take place, or null if not impletmented. + */ + public function autologin(); + + /** + * This function is used to output any required fields in the authentication + * admin panel. It also defines any required configuration table fields. + * + * @param array $new Contains the new configuration values that have + * been set in acp_board. + * @return array|null Returns null if not implemented or an array of the + * form: + * array( + * 'tpl' => string + * 'config' => array + * ) + */ + public function acp($new); + + /** + * Performs additional actions during logout. + * + * @param array $data An array corresponding to + * phpbb_session::data + * @param boolean $new_session True for a new session, false for no new + * session. + */ + public function logout($data, $new_session); + + /** + * The session validation function checks whether the user is still logged + * into phpBB. + * + * @param array $user + * @return boolean true if the given user is authenticated, false if the + * session should be closed, or null if not implemented. + */ + public function validate_session($user); +} diff --git a/phpBB/includes/auth/provider_ldap.php b/phpBB/includes/auth/provider_ldap.php new file mode 100644 index 0000000000..f67c1e9247 --- /dev/null +++ b/phpBB/includes/auth/provider_ldap.php @@ -0,0 +1,386 @@ +<?php +/** +* +* @package auth +* @copyright (c) 2013 phpBB Group +* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 +* +*/ + +/** +* @ignore +*/ +if (!defined('IN_PHPBB')) +{ + exit; +} + +/** + * Database authentication provider for phpBB3 + * + * This is for authentication via the integrated user table + * + * @package auth + */ +class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface +{ + /** + * LDAP Authentication Constructor + * + * @param phpbb_db_driver $db + * @param phpbb_config $config + * @param phpbb_user $user + */ + public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_user $user) + { + $this->db = $db; + $this->config = $config; + $this->user = $user; + } + + /** + * {@inheritdoc} + */ + public function init() + { + if (!@extension_loaded('ldap')) + { + return $this->user->lang['LDAP_NO_LDAP_EXTENSION']; + } + + $this->config['ldap_port'] = (int) $this->config['ldap_port']; + if ($this->config['ldap_port']) + { + $ldap = @ldap_connect($this->config['ldap_server'], $this->config['ldap_port']); + } + else + { + $ldap = @ldap_connect($this->config['ldap_server']); + } + + if (!$ldap) + { + return $this->user->lang['LDAP_NO_SERVER_CONNECTION']; + } + + @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); + @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); + + if ($this->config['ldap_user'] || $this->config['ldap_password']) + { + if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user']), htmlspecialchars_decode($this->config['ldap_password']))) + { + return $this->user->lang['LDAP_INCORRECT_USER_PASSWORD']; + } + } + + // ldap_connect only checks whether the specified server is valid, so the connection might still fail + $search = @ldap_search( + $ldap, + htmlspecialchars_decode($this->config['ldap_base_dn']), + $this->ldap_user_filter($this->user->data['username']), + (empty($this->config['ldap_email'])) ? + array(htmlspecialchars_decode($this->config['ldap_uid'])) : + array(htmlspecialchars_decode($this->config['ldap_uid']), htmlspecialchars_decode($this->config['ldap_email'])), + 0, + 1 + ); + + if ($search === false) + { + return $this->user->lang['LDAP_SEARCH_FAILED']; + } + + $result = @ldap_get_entries($ldap, $search); + + @ldap_close($ldap); + + + if (!is_array($result) || sizeof($result) < 2) + { + return sprintf($this->user->lang['LDAP_NO_IDENTITY'], $this->user->data['username']); + } + + if (!empty($this->config['ldap_email']) && !isset($result[0][htmlspecialchars_decode($this->config['ldap_email'])])) + { + return $this->user->lang['LDAP_NO_EMAIL']; + } + + return false; + } + + /** + * {@inheritdoc} + */ + public function login($username, $password) + { + // do not allow empty password + if (!$password) + { + return array( + 'status' => LOGIN_ERROR_PASSWORD, + 'error_msg' => 'NO_PASSWORD_SUPPLIED', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + if (!$username) + { + return array( + 'status' => LOGIN_ERROR_USERNAME, + 'error_msg' => 'LOGIN_ERROR_USERNAME', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + if (!@extension_loaded('ldap')) + { + return array( + 'status' => LOGIN_ERROR_EXTERNAL_AUTH, + 'error_msg' => 'LDAP_NO_LDAP_EXTENSION', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + $this->config['ldap_port'] = (int) $this->config['ldap_port']; + if ($this->config['ldap_port']) + { + $ldap = @ldap_connect($this->config['ldap_server'], $this->config['ldap_port']); + } + else + { + $ldap = @ldap_connect($this->config['ldap_server']); + } + + if (!$ldap) + { + return array( + 'status' => LOGIN_ERROR_EXTERNAL_AUTH, + 'error_msg' => 'LDAP_NO_SERVER_CONNECTION', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); + @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); + + if ($this->config['ldap_user'] || $this->config['ldap_password']) + { + if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user']), htmlspecialchars_decode($this->config['ldap_password']))) + { + return array( + 'status' => LOGIN_ERROR_EXTERNAL_AUTH, + 'error_msg' => 'LDAP_NO_SERVER_CONNECTION', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + } + + $search = @ldap_search( + $ldap, + htmlspecialchars_decode($this->config['ldap_base_dn']), + $this->ldap_user_filter($username), + (empty($this->config['ldap_email'])) ? + array(htmlspecialchars_decode($this->config['ldap_uid'])) : + array(htmlspecialchars_decode($this->config['ldap_uid']), htmlspecialchars_decode($this->config['ldap_email'])), + 0, + 1 + ); + + $ldap_result = @ldap_get_entries($ldap, $search); + + if (is_array($ldap_result) && sizeof($ldap_result) > 1) + { + if (@ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password))) + { + @ldap_close($ldap); + + $sql ='SELECT user_id, username, user_password, user_passchg, user_email, user_type + FROM ' . USERS_TABLE . " + WHERE username_clean = '" . $this->db->sql_escape(utf8_clean_string($username)) . "'"; + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); + + if ($row) + { + unset($ldap_result); + + // User inactive... + if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) + { + return array( + 'status' => LOGIN_ERROR_ACTIVE, + 'error_msg' => 'ACTIVE_ERROR', + 'user_row' => $row, + ); + } + + // Successful login... set user_login_attempts to zero... + return array( + 'status' => LOGIN_SUCCESS, + 'error_msg' => false, + 'user_row' => $row, + ); + } + else + { + // retrieve default group id + $sql = 'SELECT group_id + FROM ' . GROUPS_TABLE . " + WHERE group_name = '" . $this->db->sql_escape('REGISTERED') . "' + AND group_type = " . GROUP_SPECIAL; + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); + + if (!$row) + { + trigger_error('NO_GROUP'); + } + + // generate user account data + $ldap_user_row = array( + 'username' => $username, + 'user_password' => phpbb_hash($password), + 'user_email' => (!empty($this->config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($this->config['ldap_email'])][0]) : '', + 'group_id' => (int) $row['group_id'], + 'user_type' => USER_NORMAL, + 'user_ip' => $this->user->ip, + 'user_new' => ($this->config['new_member_post_limit']) ? 1 : 0, + ); + + unset($ldap_result); + + // this is the user's first login so create an empty profile + return array( + 'status' => LOGIN_SUCCESS_CREATE_PROFILE, + 'error_msg' => false, + 'user_row' => $ldap_user_row, + ); + } + } + else + { + unset($ldap_result); + @ldap_close($ldap); + + // Give status about wrong password... + return array( + 'status' => LOGIN_ERROR_PASSWORD, + 'error_msg' => 'LOGIN_ERROR_PASSWORD', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + } + + @ldap_close($ldap); + + return array( + 'status' => LOGIN_ERROR_USERNAME, + 'error_msg' => 'LOGIN_ERROR_USERNAME', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + /** + * {@inheritdoc} + */ + public function autologin() + { + return; + } + + /** + * {@inheritdoc} + */ + public function acp($new) + { + $tpl = ' + + <dl> + <dt><label for="ldap_server">' . $this->user->lang['LDAP_SERVER'] . $this->user->lang['COLON'] . '</label><br /><span>' . $this->user->lang['LDAP_SERVER_EXPLAIN'] . '</span></dt> + <dd><input type="text" id="ldap_server" size="40" name="config[ldap_server]" value="' . $new['ldap_server'] . '" /></dd> + </dl> + <dl> + <dt><label for="ldap_port">' . $this->user->lang['LDAP_PORT'] . $this->user->lang['COLON'] . '</label><br /><span>' . $this->user->lang['LDAP_PORT_EXPLAIN'] . '</span></dt> + <dd><input type="text" id="ldap_port" size="40" name="config[ldap_port]" value="' . $new['ldap_port'] . '" /></dd> + </dl> + <dl> + <dt><label for="ldap_dn">' . $this->user->lang['LDAP_DN'] . $this->user->lang['COLON'] . '</label><br /><span>' . $this->user->lang['LDAP_DN_EXPLAIN'] . '</span></dt> + <dd><input type="text" id="ldap_dn" size="40" name="config[ldap_base_dn]" value="' . $new['ldap_base_dn'] . '" /></dd> + </dl> + <dl> + <dt><label for="ldap_uid">' . $this->user->lang['LDAP_UID'] . $this->user->lang['COLON'] . '</label><br /><span>' . $this->user->lang['LDAP_UID_EXPLAIN'] . '</span></dt> + <dd><input type="text" id="ldap_uid" size="40" name="config[ldap_uid]" value="' . $new['ldap_uid'] . '" /></dd> + </dl> + <dl> + <dt><label for="ldap_user_filter">' . $this->user->lang['LDAP_USER_FILTER'] . $this->user->lang['COLON'] . '</label><br /><span>' . $this->user->lang['LDAP_USER_FILTER_EXPLAIN'] . '</span></dt> + <dd><input type="text" id="ldap_user_filter" size="40" name="config[ldap_user_filter]" value="' . $new['ldap_user_filter'] . '" /></dd> + </dl> + <dl> + <dt><label for="ldap_email">' . $this->user->lang['LDAP_EMAIL'] . $this->user->lang['COLON'] . '</label><br /><span>' . $this->user->lang['LDAP_EMAIL_EXPLAIN'] . '</span></dt> + <dd><input type="email" id="ldap_email" size="40" name="config[ldap_email]" value="' . $new['ldap_email'] . '" /></dd> + </dl> + <dl> + <dt><label for="ldap_user">' . $this->user->lang['LDAP_USER'] . $this->user->lang['COLON'] . '</label><br /><span>' . $this->user->lang['LDAP_USER_EXPLAIN'] . '</span></dt> + <dd><input type="text" id="ldap_user" size="40" name="config[ldap_user]" value="' . $new['ldap_user'] . '" /></dd> + </dl> + <dl> + <dt><label for="ldap_password">' . $this->user->lang['LDAP_PASSWORD'] . $this->user->lang['COLON'] . '</label><br /><span>' . $this->user->lang['LDAP_PASSWORD_EXPLAIN'] . '</span></dt> + <dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" autocomplete="off" /></dd> + </dl> + '; + + // These are fields required in the config table + return array( + 'tpl' => $tpl, + 'config' => array('ldap_server', 'ldap_port', 'ldap_base_dn', 'ldap_uid', 'ldap_user_filter', 'ldap_email', 'ldap_user', 'ldap_password') + ); + } + + /** + * Generates a filter string for ldap_search to find a user + * + * @param $username string Username identifying the searched user + * + * @return string A filter string for ldap_search + */ + private function ldap_user_filter($username) + { + $filter = '(' . $this->config['ldap_uid'] . '=' . $this->ldap_escape(htmlspecialchars_decode($username)) . ')'; + if ($this->config['ldap_user_filter']) + { + $_filter = ($this->config['ldap_user_filter'][0] == '(' && substr($this->config['ldap_user_filter'], -1) == ')') ? $this->config['ldap_user_filter'] : "({$this->config['ldap_user_filter']})"; + $filter = "(&{$filter}{$_filter})"; + } + return $filter; + } + + /** + * Escapes an LDAP AttributeValue + * + * @param string $string The string to be escaped + * @return string The escaped string + */ + private function ldap_escape($string) + { + return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string); + } + + /** + * {@inheritdoc} + */ + public function logout($data, $new_session) + { + return; + } + + /** + * {@inheritdoc} + */ + public function validate_session($user) + { + return; + } +} diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 8c27d3fd0c..96011f4ec5 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -156,6 +156,7 @@ define('PHYSICAL_LINK', 2); define('CONFIRM_REG', 1); define('CONFIRM_LOGIN', 2); define('CONFIRM_POST', 3); +define('CONFIRM_REPORT', 4); // Categories - Attachments define('ATTACHMENT_CATEGORY_NONE', 0); diff --git a/phpBB/includes/db/driver/mssql_odbc.php b/phpBB/includes/db/driver/mssql_odbc.php index cde9d332ba..a1d1a5d5dd 100644 --- a/phpBB/includes/db/driver/mssql_odbc.php +++ b/phpBB/includes/db/driver/mssql_odbc.php @@ -253,7 +253,7 @@ class phpbb_db_driver_mssql_odbc extends phpbb_db_driver_mssql_base * Fetch current row * @note number of bytes returned depends on odbc.defaultlrl php.ini setting. If it is limited to 4K for example only 4K of data is returned max. */ - function sql_fetchrow($query_id = false, $debug = false) + function sql_fetchrow($query_id = false) { global $cache; diff --git a/phpBB/includes/db/driver/mssqlnative.php b/phpBB/includes/db/driver/mssqlnative.php index 6f433e10cf..28fc88298a 100644 --- a/phpBB/includes/db/driver/mssqlnative.php +++ b/phpBB/includes/db/driver/mssqlnative.php @@ -326,7 +326,7 @@ class phpbb_db_driver_mssqlnative extends phpbb_db_driver_mssql_base $this->sql_report('stop', $query); } - if ($cache_ttl) + if ($cache && $cache_ttl) { $this->open_queries[(int) $this->query_result] = $this->query_result; $this->query_result = $cache->sql_save($this, $query, $this->query_result, $cache_ttl); @@ -394,7 +394,7 @@ class phpbb_db_driver_mssqlnative extends phpbb_db_driver_mssql_base */ function sql_affectedrows() { - return (!empty($this->query_result)) ? @sqlsrv_rows_affected($this->query_result) : false; + return ($this->db_connect_id) ? @sqlsrv_rows_affected($this->query_result) : false; } /** @@ -409,7 +409,7 @@ class phpbb_db_driver_mssqlnative extends phpbb_db_driver_mssql_base $query_id = $this->query_result; } - if ($cache->sql_exists($query_id)) + if ($cache && $cache->sql_exists($query_id)) { return $cache->sql_fetchrow($query_id); } @@ -474,9 +474,9 @@ class phpbb_db_driver_mssqlnative extends phpbb_db_driver_mssql_base return $cache->sql_freeresult($query_id); } - if (isset($this->open_queries[$query_id])) + if (isset($this->open_queries[(int) $query_id])) { - unset($this->open_queries[$query_id]); + unset($this->open_queries[(int) $query_id]); return @sqlsrv_free_stmt($query_id); } return false; diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index b087e1298b..6a1b3fd4f8 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2345,9 +2345,8 @@ function phpbb_generate_template_pagination($template, $base_url, $block_var_nam $tpl_prefix . 'BASE_URL' => $base_url, 'A_' . $tpl_prefix . 'BASE_URL' => addslashes($base_url), $tpl_prefix . 'PER_PAGE' => $per_page, - $tpl_prefix . 'PREVIOUS_PAGE' => $previous_page, - $tpl_prefix . 'PREV_PAGE' => $previous_page, - $tpl_prefix . 'NEXT_PAGE' => ($on_page != $total_pages) ? $base_url . $url_delim . $start_name . '=' . ($on_page * $per_page) : '', + 'U_' . $tpl_prefix . 'PREVIOUS_PAGE' => $previous_page, + 'U_' . $tpl_prefix . 'NEXT_PAGE' => ($on_page != $total_pages) ? $base_url . $url_delim . $start_name . '=' . ($on_page * $per_page) : '', $tpl_prefix . 'TOTAL_PAGES' => $total_pages, $tpl_prefix . 'CURRENT_PAGE' => $on_page, ); diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php index ee4e2f5135..0a8000ea3d 100644 --- a/phpBB/includes/functions_download.php +++ b/phpBB/includes/functions_download.php @@ -46,7 +46,7 @@ function send_avatar_to_browser($file, $browser) $image_data = @getimagesize($file_path); header('Content-Type: ' . image_type_to_mime_type($image_data[2])); - if (strpos(strtolower($browser), 'msie') !== false && strpos(strtolower($browser), 'msie 8.0') === false) + if ((strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($browser, 7)) { header('Content-Disposition: attachment; ' . header_filename($file)); @@ -174,10 +174,9 @@ function send_file_to_browser($attachment, $upload_dir, $category) header('Pragma: public'); // Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer. - $is_ie8 = (strpos(strtolower($user->browser), 'msie 8.0') !== false); header('Content-Type: ' . $attachment['mimetype']); - if ($is_ie8) + if (phpbb_is_greater_ie_version($user->browser, 7)) { header('X-Content-Type-Options: nosniff'); } @@ -189,7 +188,7 @@ function send_file_to_browser($attachment, $upload_dir, $category) } else { - if (empty($user->browser) || (!$is_ie8 && (strpos(strtolower($user->browser), 'msie') !== false))) + if (empty($user->browser) || ((strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7))) { header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename']))); if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie 6.0') !== false)) @@ -200,7 +199,7 @@ function send_file_to_browser($attachment, $upload_dir, $category) else { header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename']))); - if ($is_ie8 && (strpos($attachment['mimetype'], 'image') !== 0)) + if (phpbb_is_greater_ie_version($user->browser, 7) && (strpos($attachment['mimetype'], 'image') !== 0)) { header('X-Download-Options: noopen'); } @@ -410,7 +409,8 @@ function set_modified_headers($stamp, $browser) // let's see if we have to send the file at all $last_load = $request->header('Modified-Since') ? strtotime(trim($request->header('Modified-Since'))) : false; - if ((strpos(strtolower($browser), 'msie 6.0') === false) && (strpos(strtolower($browser), 'msie 8.0') === false)) + + if (strpos(strtolower($browser), 'msie 6.0') === false && !phpbb_is_greater_ie_version($browser, 7)) { if ($last_load !== false && $last_load >= $stamp) { @@ -721,3 +721,24 @@ function phpbb_download_clean_filename($filename) return $filename; } + +/** +* Check if the browser is internet explorer version 7+ +* +* @param string $user_agent User agent HTTP header +* @param int $version IE version to check against +* +* @return bool true if internet explorer version is greater than $version +*/ +function phpbb_is_greater_ie_version($user_agent, $version) +{ + if (preg_match('/msie (\d+)/', strtolower($user_agent), $matches)) + { + $ie_version = (int) $matches[1]; + return ($ie_version > $version); + } + else + { + return false; + } +} diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 7b11e4f01b..1b598f7bf7 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1653,7 +1653,7 @@ function validate_username($username, $allowed_username = false) */ function validate_password($password) { - global $config, $db, $user; + global $config; if ($password === '' || $config['pass_complex'] === 'PASS_TYPE_ANY') { diff --git a/phpBB/includes/search/fulltext_sphinx.php b/phpBB/includes/search/fulltext_sphinx.php index 63e35eb4af..889324bbda 100644 --- a/phpBB/includes/search/fulltext_sphinx.php +++ b/phpBB/includes/search/fulltext_sphinx.php @@ -611,7 +611,7 @@ class phpbb_search_fulltext_sphinx $result_count = $result['total_found']; - if ($start >= $result_count) + if ($result_count && $start >= $result_count) { $start = floor(($result_count - 1) / $per_page) * $per_page; diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 6bc71da0c1..66bf053f7d 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -207,7 +207,7 @@ class phpbb_session function session_begin($update_session_page = true) { global $phpEx, $SID, $_SID, $_EXTRA_URL, $db, $config, $phpbb_root_path; - global $request; + global $request, $phpbb_container; // Give us some basic information $this->time_now = time(); @@ -402,15 +402,12 @@ class phpbb_session // Check whether the session is still valid if we have one $method = basename(trim($config['auth_method'])); - include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); - $method = 'validate_session_' . $method; - if (function_exists($method)) + $provider = $phpbb_container->get('auth.provider.' . $method); + $ret = $provider->validate_session($this->data); + if ($ret !== null && !$ret) { - if (!$method($this->data)) - { - $session_expired = true; - } + $session_expired = true; } if (!$session_expired) @@ -504,7 +501,7 @@ class phpbb_session */ function session_create($user_id = false, $set_admin = false, $persist_login = false, $viewonline = true) { - global $SID, $_SID, $db, $config, $cache, $phpbb_root_path, $phpEx; + global $SID, $_SID, $db, $config, $cache, $phpbb_root_path, $phpEx, $phpbb_container; $this->data = array(); @@ -568,18 +565,14 @@ class phpbb_session } $method = basename(trim($config['auth_method'])); - include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); - $method = 'autologin_' . $method; - if (function_exists($method)) - { - $this->data = $method(); + $provider = $phpbb_container->get('auth.provider.' . $method); + $this->data = $provider->autologin(); - if (sizeof($this->data)) - { - $this->cookie_data['k'] = ''; - $this->cookie_data['u'] = $this->data['user_id']; - } + if (sizeof($this->data)) + { + $this->cookie_data['k'] = ''; + $this->cookie_data['u'] = $this->data['user_id']; } // If we're presented with an autologin key we'll join against it. @@ -884,7 +877,7 @@ class phpbb_session */ function session_kill($new_session = true) { - global $SID, $_SID, $db, $config, $phpbb_root_path, $phpEx; + global $SID, $_SID, $db, $config, $phpbb_root_path, $phpEx, $phpbb_container; $sql = 'DELETE FROM ' . SESSIONS_TABLE . " WHERE session_id = '" . $db->sql_escape($this->session_id) . "' @@ -893,13 +886,9 @@ class phpbb_session // Allow connecting logout with external auth method logout $method = basename(trim($config['auth_method'])); - include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); - $method = 'logout_' . $method; - if (function_exists($method)) - { - $method($this->data, $new_session); - } + $provider = $phpbb_container->get('auth.provider.' . $method); + $provider->logout($this->data, $new_session); if ($this->data['user_id'] != ANONYMOUS) { diff --git a/phpBB/includes/template/filter.php b/phpBB/includes/template/filter.php index f2bd442010..1c0a56c9f5 100644 --- a/phpBB/includes/template/filter.php +++ b/phpBB/includes/template/filter.php @@ -475,6 +475,7 @@ class phpbb_template_filter extends php_user_filter */ private function compile_var_tags(&$text_blocks) { + $is_expr = null; $text_blocks = $this->get_varref($text_blocks, $is_expr); $lang_replaced = $this->compile_language_tags($text_blocks); diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index af08533a7d..aada0525a8 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -691,7 +691,7 @@ class ucp_groups } } - if (!$update) + if (isset($phpbb_avatar_manager) && !$update) { // Merge any avatars errors into the primary error array $error = array_merge($error, $phpbb_avatar_manager->localize_errors($user, $avatar_error)); diff --git a/phpBB/install/install_install.php b/phpBB/install/install_install.php index 5bf3f572d9..3d7b6f7c88 100644 --- a/phpBB/install/install_install.php +++ b/phpBB/install/install_install.php @@ -53,7 +53,7 @@ class install_install extends module function main($mode, $sub) { global $lang, $template, $language, $phpbb_root_path, $phpEx; - global $phpbb_container, $cache, $phpbb_log; + global $phpbb_container, $cache, $phpbb_log, $request; switch ($sub) { @@ -102,6 +102,9 @@ class install_install extends module break; case 'final': + // Enable super globals to prevent issues with the new phpbb_request object + $request->enable_super_globals(); + // Create a normal container now $phpbb_container = phpbb_create_default_container($phpbb_root_path, $phpEx); diff --git a/phpBB/report.php b/phpBB/report.php index ce9fae13ef..3f2e7a91ff 100644 --- a/phpBB/report.php +++ b/phpBB/report.php @@ -144,9 +144,25 @@ else $reported_post_enable_magic_url = $report_data['reported_post_enable_magic_url']; } +if ($config['enable_post_confirm'] && !$user->data['is_registered']) +{ + include($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx); + $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']); + $captcha->init(CONFIRM_REPORT); +} + +$error = array(); +$s_hidden_fields = ''; + // Submit report? if ($submit && $reason_id) { + $visual_confirmation_response = $captcha->validate(); + if ($visual_confirmation_response) + { + $error[] = $visual_confirmation_response; + } + $sql = 'SELECT * FROM ' . REPORTS_REASONS_TABLE . " WHERE reason_id = $reason_id"; @@ -156,96 +172,108 @@ if ($submit && $reason_id) if (!$row || (!$report_text && strtolower($row['reason_title']) == 'other')) { - trigger_error('EMPTY_REPORT'); + $error[] = $user->lang('EMPTY_REPORT'); } - $sql_ary = array( - 'reason_id' => (int) $reason_id, - 'post_id' => $post_id, - 'pm_id' => $pm_id, - 'user_id' => (int) $user->data['user_id'], - 'user_notify' => (int) $user_notify, - 'report_closed' => 0, - 'report_time' => (int) time(), - 'report_text' => (string) $report_text, - 'reported_post_text' => $reported_post_text, - 'reported_post_uid' => $reported_post_uid, - 'reported_post_bitfield' => $reported_post_bitfield, - 'reported_post_enable_bbcode' => $reported_post_enable_bbcode, - 'reported_post_enable_smilies' => $reported_post_enable_smilies, - 'reported_post_enable_magic_url' => $reported_post_enable_magic_url, - ); - - $sql = 'INSERT INTO ' . REPORTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); - $db->sql_query($sql); - $report_id = $db->sql_nextid(); - - $phpbb_notifications = $phpbb_container->get('notification_manager'); - - if ($post_id) + if (!sizeof($error)) { - $sql = 'UPDATE ' . POSTS_TABLE . ' - SET post_reported = 1 - WHERE post_id = ' . $post_id; - $db->sql_query($sql); - - if (!$report_data['topic_reported']) + if (isset($captcha)) { - $sql = 'UPDATE ' . TOPICS_TABLE . ' - SET topic_reported = 1 - WHERE topic_id = ' . $report_data['topic_id'] . ' - OR topic_moved_id = ' . $report_data['topic_id']; - $db->sql_query($sql); + $captcha->reset(); } - $lang_return = $user->lang['RETURN_TOPIC']; - $lang_success = $user->lang['POST_REPORTED_SUCCESS']; - - $phpbb_notifications->add_notifications('report_post', array_merge($report_data, $row, $forum_data, array( - 'report_text' => $report_text, - ))); - } - else - { - $sql = 'UPDATE ' . PRIVMSGS_TABLE . ' - SET message_reported = 1 - WHERE msg_id = ' . $pm_id; - $db->sql_query($sql); - $sql_ary = array( - 'msg_id' => $pm_id, - 'user_id' => ANONYMOUS, - 'author_id' => (int) $report_data['author_id'], - 'pm_deleted' => 0, - 'pm_new' => 0, - 'pm_unread' => 0, - 'pm_replied' => 0, - 'pm_marked' => 0, - 'pm_forwarded' => 0, - 'folder_id' => PRIVMSGS_INBOX, + 'reason_id' => (int) $reason_id, + 'post_id' => $post_id, + 'pm_id' => $pm_id, + 'user_id' => (int) $user->data['user_id'], + 'user_notify' => (int) $user_notify, + 'report_closed' => 0, + 'report_time' => (int) time(), + 'report_text' => (string) $report_text, + 'reported_post_text' => $reported_post_text, + 'reported_post_uid' => $reported_post_uid, + 'reported_post_bitfield' => $reported_post_bitfield, + 'reported_post_enable_bbcode' => $reported_post_enable_bbcode, + 'reported_post_enable_smilies' => $reported_post_enable_smilies, + 'reported_post_enable_magic_url' => $reported_post_enable_magic_url, ); - $sql = 'INSERT INTO ' . PRIVMSGS_TO_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); + $sql = 'INSERT INTO ' . REPORTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); $db->sql_query($sql); + $report_id = $db->sql_nextid(); - $lang_return = $user->lang['RETURN_PM']; - $lang_success = $user->lang['PM_REPORTED_SUCCESS']; + $phpbb_notifications = $phpbb_container->get('notification_manager'); - $phpbb_notifications->add_notifications('report_pm', array_merge($report_data, $row, array( - 'report_text' => $report_text, - 'from_user_id' => $report_data['author_id'], - 'report_id' => $report_id, - ))); - } + if ($post_id) + { + $sql = 'UPDATE ' . POSTS_TABLE . ' + SET post_reported = 1 + WHERE post_id = ' . $post_id; + $db->sql_query($sql); - meta_refresh(3, $redirect_url); + if (!$report_data['topic_reported']) + { + $sql = 'UPDATE ' . TOPICS_TABLE . ' + SET topic_reported = 1 + WHERE topic_id = ' . $report_data['topic_id'] . ' + OR topic_moved_id = ' . $report_data['topic_id']; + $db->sql_query($sql); + } + + $lang_return = $user->lang['RETURN_TOPIC']; + $lang_success = $user->lang['POST_REPORTED_SUCCESS']; + + $phpbb_notifications->add_notifications('report_post', array_merge($report_data, $row, $forum_data, array( + 'report_text' => $report_text, + ))); + } + else + { + $sql = 'UPDATE ' . PRIVMSGS_TABLE . ' + SET message_reported = 1 + WHERE msg_id = ' . $pm_id; + $db->sql_query($sql); + + $sql_ary = array( + 'msg_id' => $pm_id, + 'user_id' => ANONYMOUS, + 'author_id' => (int) $report_data['author_id'], + 'pm_deleted' => 0, + 'pm_new' => 0, + 'pm_unread' => 0, + 'pm_replied' => 0, + 'pm_marked' => 0, + 'pm_forwarded' => 0, + 'folder_id' => PRIVMSGS_INBOX, + ); + + $sql = 'INSERT INTO ' . PRIVMSGS_TO_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); + $db->sql_query($sql); + + $lang_return = $user->lang['RETURN_PM']; + $lang_success = $user->lang['PM_REPORTED_SUCCESS']; + + $phpbb_notifications->add_notifications('report_pm', array_merge($report_data, $row, array( + 'report_text' => $report_text, + 'from_user_id' => $report_data['author_id'], + 'report_id' => $report_id, + ))); + } + + meta_refresh(3, $redirect_url); - $message = $lang_success . '<br /><br />' . sprintf($lang_return, '<a href="' . $redirect_url . '">', '</a>'); - if ($return_forum_url) + $message = $lang_success . '<br /><br />' . sprintf($lang_return, '<a href="' . $redirect_url . '">', '</a>'); + if ($return_forum_url) + { + $message .= '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . $return_forum_url . '">', '</a>'); + } + trigger_error($message); + } + else if (isset($captcha) && $captcha->is_solved() !== false) { - $message .= '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . $return_forum_url . '">', '</a>'); + $s_hidden_fields .= build_hidden_fields($captcha->get_hidden_fields()); } - trigger_error($message); } // Generate the reasons @@ -253,10 +281,20 @@ display_reasons($reason_id); $page_title = ($pm_id) ? $user->lang['REPORT_MESSAGE'] : $user->lang['REPORT_POST']; +if (isset($captcha) && $captcha->is_solved() === false) +{ + $template->assign_vars(array( + 'S_CONFIRM_CODE' => true, + 'CAPTCHA_TEMPLATE' => $captcha->get_template(), + )); +} + $template->assign_vars(array( + 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '', 'S_REPORT_POST' => ($pm_id) ? false : true, 'REPORT_TEXT' => $report_text, 'S_REPORT_ACTION' => append_sid("{$phpbb_root_path}report.$phpEx", 'f=' . $forum_id . '&p=' . $post_id . '&pm=' . $pm_id), + 'S_HIDDEN_FIELDS' => (sizeof($s_hidden_fields)) ? $s_hidden_fields : null, 'S_NOTIFY' => $user_notify, 'S_CAN_NOTIFY' => ($user->data['is_registered']) ? true : false) diff --git a/phpBB/styles/prosilver/template/mcp_forum.html b/phpBB/styles/prosilver/template/mcp_forum.html index ac686932b7..db5525fcd0 100644 --- a/phpBB/styles/prosilver/template/mcp_forum.html +++ b/phpBB/styles/prosilver/template/mcp_forum.html @@ -85,8 +85,8 @@ <!-- ENDIF --> <fieldset class="display-options"> - <!-- IF NEXT_PAGE --><a href="{NEXT_PAGE}" class="right-box arrow-{S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ENDIF --> - <!-- IF PREVIOUS_PAGE --><a href="{PREVIOUS_PAGE}" class="left-box arrow-{S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ENDIF --> + <!-- IF U_NEXT_PAGE --><a href="{U_NEXT_PAGE}" class="right-box arrow-{S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ENDIF --> + <!-- IF U_PREVIOUS_PAGE --><a href="{U_PREVIOUS_PAGE}" class="left-box arrow-{S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ENDIF --> <label>{L_DISPLAY_TOPICS}{L_COLON} {S_SELECT_SORT_DAYS}</label> <label>{L_SORT_BY} {S_SELECT_SORT_KEY}</label> <label>{S_SELECT_SORT_DIR} <input type="submit" name="sort" value="{L_GO}" class="button2" /></label> diff --git a/phpBB/styles/prosilver/template/mcp_logs.html b/phpBB/styles/prosilver/template/mcp_logs.html index c9db4e8afa..492c8cf201 100644 --- a/phpBB/styles/prosilver/template/mcp_logs.html +++ b/phpBB/styles/prosilver/template/mcp_logs.html @@ -54,8 +54,8 @@ <!-- IF .log --> <fieldset class="display-options"> - <!-- IF NEXT_PAGE --><a href="{NEXT_PAGE}" class="right-box arrow-{S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ENDIF --> - <!-- IF PREVIOUS_PAGE --><a href="{PREVIOUS_PAGE}" class="left-box arrow-{S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ENDIF --> + <!-- IF U_NEXT_PAGE --><a href="{U_NEXT_PAGE}" class="right-box arrow-{S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ENDIF --> + <!-- IF U_PREVIOUS_PAGE --><a href="{U_PREVIOUS_PAGE}" class="left-box arrow-{S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ENDIF --> <label>{L_DISPLAY_POSTS}{L_COLON} {S_SELECT_SORT_DAYS}</label> <label>{L_SORT_BY} {S_SELECT_SORT_KEY}</label> <label>{S_SELECT_SORT_DIR}</label> diff --git a/phpBB/styles/prosilver/template/mcp_notes_user.html b/phpBB/styles/prosilver/template/mcp_notes_user.html index 328d12a04f..1738e45045 100644 --- a/phpBB/styles/prosilver/template/mcp_notes_user.html +++ b/phpBB/styles/prosilver/template/mcp_notes_user.html @@ -95,8 +95,8 @@ <hr /> <fieldset class="display-options"> - <!-- IF NEXT_PAGE --><a href="{NEXT_PAGE}" class="right-box arrow-{S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ENDIF --> - <!-- IF PREVIOUS_PAGE --><a href="{PREVIOUS_PAGE}" class="left-box arrow-{S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ENDIF --> + <!-- IF U_NEXT_PAGE --><a href="{U_NEXT_PAGE}" class="right-box arrow-{S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ENDIF --> + <!-- IF U_PREVIOUS_PAGE --><a href="{U_PREVIOUS_PAGE}" class="left-box arrow-{S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ENDIF --> <label>{L_DISPLAY_LOG}{L_COLON} {S_SELECT_SORT_DAYS}</label> <label>{L_SORT_BY} {S_SELECT_SORT_KEY}</label><label>{S_SELECT_SORT_DIR}</label> <input type="submit" name="sort" value="{L_GO}" class="button2" /> diff --git a/phpBB/styles/prosilver/template/mcp_queue.html b/phpBB/styles/prosilver/template/mcp_queue.html index 4d20804e66..d630606175 100644 --- a/phpBB/styles/prosilver/template/mcp_queue.html +++ b/phpBB/styles/prosilver/template/mcp_queue.html @@ -67,8 +67,8 @@ </ul> <fieldset class="display-options"> - <!-- IF NEXT_PAGE --><a href="{NEXT_PAGE}" class="right-box arrow-{S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ENDIF --> - <!-- IF PREVIOUS_PAGE --><a href="{PREVIOUS_PAGE}" class="left-box arrow-{S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ENDIF --> + <!-- IF U_NEXT_PAGE --><a href="{U_NEXT_PAGE}" class="right-box arrow-{S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ENDIF --> + <!-- IF U_PREVIOUS_PAGE --><a href="{U_PREVIOUS_PAGE}" class="left-box arrow-{S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ENDIF --> <label>{L_DISPLAY_POSTS}{L_COLON} {S_SELECT_SORT_DAYS}</label> <label>{L_SORT_BY} {S_SELECT_SORT_KEY}</label><label>{S_SELECT_SORT_DIR}</label> <!-- IF TOPIC_ID --><label><input type="checkbox" class="radio" name="t" value="{TOPIC_ID}" checked="checked" /> <strong>{L_ONLY_TOPIC}</strong></label><!-- ENDIF --> diff --git a/phpBB/styles/prosilver/template/mcp_reports.html b/phpBB/styles/prosilver/template/mcp_reports.html index 9a70b4a62a..902744fe25 100644 --- a/phpBB/styles/prosilver/template/mcp_reports.html +++ b/phpBB/styles/prosilver/template/mcp_reports.html @@ -72,8 +72,8 @@ </ul> <fieldset class="display-options"> - <!-- IF NEXT_PAGE --><a href="{NEXT_PAGE}" class="right-box arrow-{S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ENDIF --> - <!-- IF PREVIOUS_PAGE --><a href="{PREVIOUS_PAGE}" class="left-box arrow-{S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ENDIF --> + <!-- IF U_NEXT_PAGE --><a href="{U_NEXT_PAGE}" class="right-box arrow-{S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ENDIF --> + <!-- IF U_PREVIOUS_PAGE --><a href="{U_PREVIOUS_PAGE}" class="left-box arrow-{S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ENDIF --> <label>{L_DISPLAY_POSTS}{L_COLON} {S_SELECT_SORT_DAYS}</label> <label>{L_SORT_BY} {S_SELECT_SORT_KEY}</label><label>{S_SELECT_SORT_DIR}</label> <!-- IF TOPIC_ID --><label><input type="checkbox" class="radio" name="t" value="{TOPIC_ID}" checked="checked" /> <strong>{L_ONLY_TOPIC}</strong></label><!-- ENDIF --> diff --git a/phpBB/styles/prosilver/template/memberlist_body.html b/phpBB/styles/prosilver/template/memberlist_body.html index 17dc2c33c0..07a7e2e182 100644 --- a/phpBB/styles/prosilver/template/memberlist_body.html +++ b/phpBB/styles/prosilver/template/memberlist_body.html @@ -140,8 +140,8 @@ <!-- IF S_IN_SEARCH_POPUP and not S_SEARCH_USER --> <fieldset class="display-options"> - <!-- IF PREVIOUS_PAGE --><a href="{PREVIOUS_PAGE}" class="left-box arrow-{S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ENDIF --> - <!-- IF NEXT_PAGE --><a href="{NEXT_PAGE}" class="right-box arrow-{S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ENDIF --> + <!-- IF U_PREVIOUS_PAGE --><a href="{U_PREVIOUS_PAGE}" class="left-box arrow-{S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ENDIF --> + <!-- IF U_NEXT_PAGE --><a href="{U_NEXT_PAGE}" class="right-box arrow-{S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ENDIF --> <label for="sk">{L_SELECT_SORT_METHOD}{L_COLON} <select name="sk" id="sk">{S_MODE_SELECT}</select></label> <label for="sd">{L_ORDER} <select name="sd" id="sd">{S_ORDER_SELECT}</select> <input type="submit" name="sort" value="{L_SUBMIT}" class="button2" /></label> </fieldset> diff --git a/phpBB/styles/prosilver/template/memberlist_search.html b/phpBB/styles/prosilver/template/memberlist_search.html index 61bfd630ff..a4468b4af4 100644 --- a/phpBB/styles/prosilver/template/memberlist_search.html +++ b/phpBB/styles/prosilver/template/memberlist_search.html @@ -74,6 +74,10 @@ function insert_single(user) <dt><label for="msn">{L_MSNM}{L_COLON}</label></dt> <dd><input type="text" name="msn" id="msn" value="{MSNM}" class="inputbox" /></dd> </dl> + <dl> + <dt><label for="jabber">{L_JABBER}:</label></dt> + <dd><input type="text" name="jabber" id="jabber" value="{JABBER}" class="inputbox" /></dd> + </dl> </fieldset> <fieldset class="fields1 column2"> diff --git a/phpBB/styles/prosilver/template/report_body.html b/phpBB/styles/prosilver/template/report_body.html index 4cb03dc51c..2a5e6c9d0e 100644 --- a/phpBB/styles/prosilver/template/report_body.html +++ b/phpBB/styles/prosilver/template/report_body.html @@ -10,6 +10,7 @@ <p><!-- IF S_REPORT_POST -->{L_REPORT_POST_EXPLAIN}<!-- ELSE -->{L_REPORT_MESSAGE_EXPLAIN}<!-- ENDIF --></p> <fieldset> + <!-- IF ERROR --><dl><dd class="error">{ERROR}</dd></dl><!-- ENDIF --> <dl class="fields2"> <dt><label for="reason_id">{L_REASON}{L_COLON}</label></dt> <dd><select name="reason_id" id="reason_id" class="full"><!-- BEGIN reason --><option value="{reason.ID}"<!-- IF reason.S_SELECTED --> selected="selected"<!-- ENDIF -->>{reason.DESCRIPTION}</option><!-- END reason --></select></dd> @@ -27,6 +28,9 @@ <dt><label for="report_text">{L_MORE_INFO}{L_COLON}</label><br /><span>{L_CAN_LEAVE_BLANK}</span></dt> <dd><textarea name="report_text" id="report_text" rows="10" cols="76" class="inputbox">{REPORT_TEXT}</textarea></dd> </dl> + <!-- IF CAPTCHA_TEMPLATE --> + <!-- INCLUDE {CAPTCHA_TEMPLATE} --> + <!-- ENDIF --> </fieldset> </div> diff --git a/phpBB/styles/prosilver/template/search_results.html b/phpBB/styles/prosilver/template/search_results.html index 1132e5295a..e31c278a4b 100644 --- a/phpBB/styles/prosilver/template/search_results.html +++ b/phpBB/styles/prosilver/template/search_results.html @@ -154,8 +154,8 @@ <form method="post" action="{S_SEARCH_ACTION}"> <fieldset class="display-options"> - <!-- IF PREVIOUS_PAGE --><a href="{PREVIOUS_PAGE}" class="left-box arrow-{S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ENDIF --> - <!-- IF NEXT_PAGE --><a href="{NEXT_PAGE}" class="right-box arrow-{S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ENDIF --> + <!-- IF U_PREVIOUS_PAGE --><a href="{U_PREVIOUS_PAGE}" class="left-box arrow-{S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ENDIF --> + <!-- IF U_NEXT_PAGE --><a href="{U_NEXT_PAGE}" class="right-box arrow-{S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ENDIF --> <!-- IF S_SELECT_SORT_DAYS or S_SELECT_SORT_KEY --> <label><!-- IF S_SHOW_TOPICS -->{L_DISPLAY_POSTS}<!-- ELSE -->{L_SORT_BY}</label><label><!-- ENDIF --> {S_SELECT_SORT_DAYS}<!-- IF S_SELECT_SORT_KEY --></label> <label>{S_SELECT_SORT_KEY}</label> <label>{S_SELECT_SORT_DIR}<!-- ENDIF --> <input type="submit" name="sort" value="{L_GO}" class="button2" /></label> diff --git a/phpBB/styles/prosilver/template/ucp_attachments.html b/phpBB/styles/prosilver/template/ucp_attachments.html index 6e1bdfdd57..feb04278dc 100644 --- a/phpBB/styles/prosilver/template/ucp_attachments.html +++ b/phpBB/styles/prosilver/template/ucp_attachments.html @@ -51,8 +51,8 @@ </ul> <fieldset class="display-options"> - <!-- IF NEXT_PAGE --><a href="{NEXT_PAGE}" class="right-box arrow-{S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ENDIF --> - <!-- IF PREVIOUS_PAGE --><a href="{PREVIOUS_PAGE}" class="left-box arrow-{S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ENDIF --> + <!-- IF U_NEXT_PAGE --><a href="{U_NEXT_PAGE}" class="right-box arrow-{S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ENDIF --> + <!-- IF U_PREVIOUS_PAGE --><a href="{U_PREVIOUS_PAGE}" class="left-box arrow-{S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ENDIF --> <label for="sk">{L_SORT_BY}{L_COLON} <select name="sk" id="sk">{S_SORT_OPTIONS}</select></label> <label><select name="sd" id="sd">{S_ORDER_SELECT}</select></label> <input class="button2" type="submit" name="sort" value="{L_SORT}" /> diff --git a/phpBB/styles/prosilver/template/ucp_pm_viewfolder.html b/phpBB/styles/prosilver/template/ucp_pm_viewfolder.html index 00b735fae6..c5078df268 100644 --- a/phpBB/styles/prosilver/template/ucp_pm_viewfolder.html +++ b/phpBB/styles/prosilver/template/ucp_pm_viewfolder.html @@ -122,8 +122,8 @@ <!-- IF FOLDER_CUR_MESSAGES neq 0 --> <fieldset class="display-options"> - <!-- IF PREVIOUS_PAGE --><a href="{PREVIOUS_PAGE}" class="left-box arrow-{S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ENDIF --> - <!-- IF NEXT_PAGE --><a href="{NEXT_PAGE}" class="right-box arrow-{S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ENDIF --> + <!-- IF U_PREVIOUS_PAGE --><a href="{U_PREVIOUS_PAGE}" class="left-box arrow-{S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ENDIF --> + <!-- IF U_NEXT_PAGE --><a href="{U_NEXT_PAGE}" class="right-box arrow-{S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ENDIF --> <label>{L_DISPLAY}{L_COLON} {S_SELECT_SORT_DAYS}</label> <label>{L_SORT_BY} {S_SELECT_SORT_KEY}</label> <label>{S_SELECT_SORT_DIR} <input type="submit" name="sort" value="{L_GO}" class="button2" /></label> diff --git a/phpBB/styles/prosilver/template/viewforum_body.html b/phpBB/styles/prosilver/template/viewforum_body.html index dd16b27988..9cbe7bc45a 100644 --- a/phpBB/styles/prosilver/template/viewforum_body.html +++ b/phpBB/styles/prosilver/template/viewforum_body.html @@ -192,8 +192,8 @@ <!-- IF S_SELECT_SORT_DAYS and not S_DISPLAY_ACTIVE --> <form method="post" action="{S_FORUM_ACTION}"> <fieldset class="display-options"> - <!-- IF PREVIOUS_PAGE --><a href="{PREVIOUS_PAGE}" class="left-box arrow-{S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ENDIF --> - <!-- IF NEXT_PAGE --><a href="{NEXT_PAGE}" class="right-box arrow-{S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ENDIF --> + <!-- IF U_PREVIOUS_PAGE --><a href="{U_PREVIOUS_PAGE}" class="left-box arrow-{S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ENDIF --> + <!-- IF U_NEXT_PAGE --><a href="{U_NEXT_PAGE}" class="right-box arrow-{S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ENDIF --> <!-- IF not S_IS_BOT --> <label>{L_DISPLAY_TOPICS}{L_COLON} {S_SELECT_SORT_DAYS}</label> <label>{L_SORT_BY} {S_SELECT_SORT_KEY}</label> diff --git a/phpBB/styles/prosilver/template/viewonline_body.html b/phpBB/styles/prosilver/template/viewonline_body.html index cb19a40d8f..74e891f7d0 100644 --- a/phpBB/styles/prosilver/template/viewonline_body.html +++ b/phpBB/styles/prosilver/template/viewonline_body.html @@ -47,9 +47,9 @@ </div> </div> -<!-- IF PREVIOUS_PAGE or NEXT_PAGE --> +<!-- IF U_PREVIOUS_PAGE or U_NEXT_PAGE --> <fieldset class="display-options right-box"> - <!-- IF PREVIOUS_PAGE --><a href="{PREVIOUS_PAGE}" class="arrow-{S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ELSE -->{L_PREVIOUS}<!-- ENDIF --> • <!-- IF NEXT_PAGE --><a href="{NEXT_PAGE}" class="arrow-{S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ELSE -->{L_NEXT}<!-- ENDIF --> + <!-- IF U_PREVIOUS_PAGE --><a href="{U_PREVIOUS_PAGE}" class="arrow-{S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ELSE -->{L_PREVIOUS}<!-- ENDIF --> • <!-- IF U_NEXT_PAGE --><a href="{U_NEXT_PAGE}" class="arrow-{S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ELSE -->{L_NEXT}<!-- ENDIF --> </fieldset> <!-- ENDIF --> diff --git a/phpBB/styles/prosilver/template/viewtopic_body.html b/phpBB/styles/prosilver/template/viewtopic_body.html index 5f999ade0c..9c0743d04d 100644 --- a/phpBB/styles/prosilver/template/viewtopic_body.html +++ b/phpBB/styles/prosilver/template/viewtopic_body.html @@ -245,12 +245,12 @@ <!-- IF S_QUICK_REPLY --> <!-- INCLUDE quickreply_editor.html --> <!-- ENDIF --> -<!-- IF S_NUM_POSTS > 1 or PREVIOUS_PAGE or NEXT_PAGE --> +<!-- IF S_NUM_POSTS > 1 or U_PREVIOUS_PAGE or U_NEXT_PAGE --> <form id="viewtopic" method="post" action="{S_TOPIC_ACTION}"> <fieldset class="display-options" style="margin-top: 0; "> - <!-- IF PREVIOUS_PAGE --><a href="{PREVIOUS_PAGE}" class="left-box arrow-{S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ENDIF --> - <!-- IF NEXT_PAGE --><a href="{NEXT_PAGE}" class="right-box arrow-{S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ENDIF --> + <!-- IF U_PREVIOUS_PAGE --><a href="{U_PREVIOUS_PAGE}" class="left-box arrow-{S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ENDIF --> + <!-- IF U_NEXT_PAGE --><a href="{U_NEXT_PAGE}" class="right-box arrow-{S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ENDIF --> <!-- IF not S_IS_BOT --> <label>{L_DISPLAY_POSTS}{L_COLON} {S_SELECT_SORT_DAYS}</label> <label>{L_SORT_BY} {S_SELECT_SORT_KEY}</label> <label>{S_SELECT_SORT_DIR} <input type="submit" name="sort" value="{L_GO}" class="button2" /></label> diff --git a/phpBB/styles/prosilver/theme/content.css b/phpBB/styles/prosilver/theme/content.css index b6db4c7230..4b8c972697 100644 --- a/phpBB/styles/prosilver/theme/content.css +++ b/phpBB/styles/prosilver/theme/content.css @@ -159,7 +159,7 @@ dl.icon dt .list-inner { } dl.icon dt, dl.icon dd { - min-height: 40px; + min-height: 35px; } dd.posts, dd.topics, dd.views, dd.extra, dd.mark { diff --git a/phpBB/styles/subsilver2/template/report_body.html b/phpBB/styles/subsilver2/template/report_body.html index 9ed510bb9f..906a957ef4 100644 --- a/phpBB/styles/subsilver2/template/report_body.html +++ b/phpBB/styles/subsilver2/template/report_body.html @@ -6,6 +6,11 @@ <tr> <th colspan="2"><!-- IF S_REPORT_POST -->{L_REPORT_POST}<!-- ELSE -->{L_REPORT_MESSAGE}<!-- ENDIF --></th> </tr> +<!-- IF ERROR --> + <tr> + <td class="row3" colspan="2" align="center"><span class="genmed error">{ERROR}</span></td> + </tr> +<!-- ENDIF --> <tr> <td class="row3" colspan="2"><span class="gensmall"><!-- IF S_REPORT_POST -->{L_REPORT_POST_EXPLAIN}<!-- ELSE -->{L_REPORT_MESSAGE_EXPLAIN}<!-- ENDIF --></span></td> </tr> @@ -25,6 +30,9 @@ <td class="row1" valign="top"><span class="gen"><b>{L_MORE_INFO}{L_COLON}</b></span><br /><span class="gensmall">{L_CAN_LEAVE_BLANK}</span></td> <td class="row2"><textarea class="post" name="report_text" rows="10" cols="50">{REPORT_TEXT}</textarea></td> </tr> +<!-- IF CAPTCHA_TEMPLATE --> + <!-- INCLUDE {CAPTCHA_TEMPLATE} --> +<!-- ENDIF --> <tr> <td class="cat" colspan="2" align="center"><input type="submit" name="submit" class="btnmain" value="{L_SUBMIT}" /> <input type="submit" name="cancel" class="btnlite" value="{L_CANCEL}" /></td> </tr> |