phpBB/phpbb/db/extractor/sqlite_extractor.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149

<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/

namespace phpbb\db\extractor;

use phpbb\db\extractor\exception\extractor_not_initialized_exception;

class sqlite_extractor extends base_extractor
{
	/**
	* {@inheritdoc}
	*/
	public function write_start($table_prefix)
	{
		if (!$this->is_initialized)
		{
			throw new extractor_not_initialized_exception();
		}

		$sql_data = "--\n";
		$sql_data .= "-- phpBB Backup Script\n";
		$sql_data .= "-- Dump of tables for $table_prefix\n";
		$sql_data .= "-- DATE : " . gmdate("d-m-Y H:i:s", $this->time) . " GMT\n";
		$sql_data .= "--\n";
		$sql_data .= "BEGIN TRANSACTION;\n";
		$this->flush($sql_data);
	}

	/**
	* {@inheritdoc}
	*/
	public function write_table($table_name)
	{
		if (!$this->is_initialized)
		{
			throw new extractor_not_initialized_exception();
		}

		$sql_data = '-- Table: ' . $table_name . "\n";
		$sql_data .= "DROP TABLE $table_name;\n";

		$sql = "SELECT sql
			FROM sqlite_master
			WHERE type = 'table'
				AND name = '" . $this->db->sql_escape($table_name) . "'
			ORDER BY type DESC, name;";
		$result = $this->db->sql_query($sql);
		$row = $this->db->sql_fetchrow($result);
		$this->db->sql_freeresult($result);

		// Create Table
		$sql_data .= $row['sql'] . ";\n";

		$result = $this->db->sql_query("PRAGMA index_list('" . $this->db->sql_escape($table_name) . "');");

		$ar = array();
		while ($row = $this->db->sql_fetchrow($result))
		{
			$ar[] = $row;
		}
		$this->db->sql_freeresult($result);

		foreach ($ar as $value)
		{
			if (strpos($value['name'], 'autoindex') !== false)
			{
				continue;
			}

			$result = $this->db->sql_query("PRAGMA index_info('" . $this->db->sql_escape($value['name']) . "');");

			$fields = array();
			while ($row = $this->db->sql_fetchrow($result))
			{
				$fields[] = $row['name'];
			}
			$this->db->sql_freeresult($result);

			$sql_data .= 'CREATE ' . ($value['unique'] ? 'UNIQUE ' : '') . 'INDEX ' . $value['name'] . ' on ' . $table_name . ' (' . implode(', ', $fields) . ");\n";
		}

		$this->flush($sql_data . "\n");
	}

	/**
	* {@inheritdoc}
	*/
	public function write_data($table_name)
	{
		if (!$this->is_initialized)
		{
			throw new extractor_not_initialized_exception();
		}

		$col_types = sqlite_fetch_column_types($this->db->get_db_connect_id(), $table_name);

		$sql = "SELECT *
			FROM $table_name";
		$result = sqlite_unbuffered_query($this->db->get_db_connect_id(), $sql);
		$rows = sqlite_fetch_all($result, SQLITE_ASSOC);
		$sql_insert = 'INSERT INTO ' . $table_name . ' (' . implode(', ', array_keys($col_types)) . ') VALUES (';
		foreach ($rows as $row)
		{
			foreach ($row as $column_name => $column_data)
			{
				if (is_null($column_data))
				{
					$row[$column_name] = 'NULL';
				}
				else if ($column_data == '')
				{
					$row[$column_name] = "''";
				}
				else if (strpos($col_types[$column_name], 'text') !== false || strpos($col_types[$column_name], 'char') !== false || strpos($col_types[$column_name], 'blob') !== false)
				{
					$row[$column_name] = sanitize_data_generic(str_replace("'", "''", $column_data));
				}
			}
			$this->flush($sql_insert . implode(', ', $row) . ");\n");
		}
	}

	/**
	* Writes closing line(s) to database backup
	*
	* @return null
	* @throws \phpbb\db\extractor\exception\extractor_not_initialized_exception when calling this function before init_extractor()
	*/
	public function write_end()
	{
		if (!$this->is_initialized)
		{
			throw new extractor_not_initialized_exception();
		}

		$this->flush("COMMIT;\n");
		parent::write_end();
	}
}
<?php
/***************************************************************************
 *                              memberlist.php
 *                            -------------------
 *   begin                : Friday, May 11, 2001
 *   copyright            : (C) 2001 The phpBB Group
 *   email                : support@phpbb.com
 *
 *   $Id$
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

// Start session management
$user->start();
$user->setup();
$auth->acl($user->data);

// Grab data
$mode = (isset($_REQUEST['mode'])) ? htmlspecialchars($_REQUEST['mode']) : '';
$user_id = (isset($_GET['u'])) ? intval($_GET['u']) : ANONYMOUS;

// Can this user view profiles/memberslist?
if (!$auth->acl_gets('u_viewprofile', 'a_'))
{
	if ($user->data['user_id'] != ANONYMOUS)
	{
		trigger_error($user->lang['NO_VIEW_USERS']);
	}

	login_box(preg_replace('#.*?([a-z]+?\.' . $phpEx . '.*?)$#i', '\1', htmlspecialchars($_SERVER['REQUEST_URI'])));
}

$start = (isset($_GET['start'])) ? intval($_GET['start']) : 0;
$form = (!empty($_GET['form'])) ? htmlspecialchars($_GET['form']) : 0;
$field = (isset($_GET['field'])) ? htmlspecialchars($_GET['field']) : 'username';

$sort_key = (!empty($_REQUEST['sk'])) ? htmlspecialchars($_REQUEST['sk']) : 'c';
$sort_dir = (!empty($_REQUEST['sd'])) ? htmlspecialchars($_REQUEST['sd']) : 'a';

$username = (!empty($_REQUEST['username'])) ? trim(htmlspecialchars($_REQUEST['username'])) : '';
$email = (!empty($_REQUEST['email'])) ? trim(htmlspecialchars($_REQUEST['email'])) : '';
$icq = (!empty($_REQUEST['icq'])) ? intval(htmlspecialchars($_REQUEST['icq'])) : '';
$aim = (!empty($_REQUEST['aim'])) ? trim(htmlspecialchars($_REQUEST['aim'])) : '';
$yahoo = (!empty($_REQUEST['yahoo'])) ? trim(htmlspecialchars($_REQUEST['yahoo'])) : '';
$msn = (!empty($_REQUEST['msn'])) ? trim(htmlspecialchars($_REQUEST['msn'])) : '';

$joined_select = (!empty($_REQUEST['joined_select'])) ? htmlspecialchars($_REQUEST['joined_select']) : 'lt';
$active_select = (!empty($_REQUEST['active_select'])) ? htmlspecialchars($_REQUEST['active_select']) : 'lt';
$count_select = (!empty($_REQUEST['count_select'])) ? htmlspecialchars($_REQUEST['count_select']) : 'eq';
$joined = (!empty($_REQUEST['joined'])) ? explode('-', trim(htmlspecialchars($_REQUEST['joined']))) : array();
$active = (!empty($_REQUEST['active'])) ? explode('-', trim(htmlspecialchars($_REQUEST['active']))) : array();
$count = (!empty($_REQUEST['count'])) ? intval($_REQUEST['count']) : '';
$ipdomain = (!empty($_REQUEST['ip'])) ? trim(htmlspecialchars($_REQUEST['ip'])) : '';

// Grab rank information for later
$sql = "SELECT * 
	FROM " . RANKS_TABLE . " 
	ORDER BY rank_special, rank_min DESC";
$result = $db->sql_query($sql, 120);

$ranksrow = array();
while ($row = $db->sql_fetchrow($result))
{
	$ranksrow[] = $row;
}
$db->sql_freeresult($result);

// What do you want to do today? ... oops, I think that line is taken ...
switch ($mode)
{
	case 'leaders':
		// Display a listing of board admins, moderators
		break;

	case 'viewprofile':
		// Display a profile
		$page_title = sprintf($user->lang['VIEWING_PROFILE'], $row['username']);
		$template_html = 'memberlist_view.html';
		
		if ($user_id == ANONYMOUS)
		{
			trigger_error($user->lang['NO_USER']);
		}

		// Do the SQL thang
		$sql = "SELECT g.group_id, g.group_name, g.group_type 
			FROM " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug 
			WHERE ug.user_id = $user_id 
				AND g.group_id = ug.group_id" . (($auth->acl_get('a_'))? ' AND g.group_type <> ' . GROUP_HIDDEN : '') . '  
			ORDER BY group_type, group_name';
		$result = $db->sql_query($sql);

		$group_options = '';
		while ($row = $db->sql_fetchrow($result))
		{
			$group_options .= '<option value="' . $row['group_id'] . '">' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';
		}

		// We left join on the session table to see if the user is currently online
		$sql = "SELECT username, user_id, user_colour, user_permissions, user_sig, user_viewemail, user_posts, user_regdate, user_rank, user_from, user_occ, user_interests, user_website, user_email, user_icq, user_aim, user_yim, user_msnm, user_avatar, user_avatar_type, user_allowavatar, user_lastvisit, MAX(session_time) AS session_time  
			FROM " . USERS_TABLE . " 
			LEFT JOIN " . SESSIONS_TABLE . " ON session_user_id = user_id 
			WHERE user_id = $user_id
				AND user_active = 1
			GROUP BY username, user_id, user_colour, user_permissions, user_sig, user_viewemail, user_posts, user_regdate, user_rank, user_from, user_occ, user_interests, user_website, user_email, user_icq, user_aim, user_yim, user_msnm, user_avatar, user_avatar_type, user_allowavatar, user_lastvisit";
		$result = $db->sql_query($sql);

		if (!($row = $db->sql_fetchrow($result)))
		{
			trigger_error($user->lang['NO_USER']);
		}
		$db->sql_freeresult($result);
		
		// Which forums does this user have an enabled post count?
		// Really auth should be handling this capability ...
		$post_count_sql = array();
		$auth2 = new auth();
		$auth2->acl($row);

		foreach ($auth2->acl['local'] as $forum => $auth_string)
		{
			if ($auth_string{$acl_options['local']['f_postcount']})
			{
				$post_count_sql[] = $forum;
			}
		}
		$post_count_sql = (sizeof($post_count_sql)) ? 'AND f.forum_id IN (' . implode(', ', $post_count_sql) . ')' : '';
		unset($auth2);

		// Grab all the relevant data
		$sql = "SELECT COUNT(p.post_id) AS num_posts   
			FROM " . POSTS_TABLE . " p, " . FORUMS_TABLE . " f
			WHERE p.poster_id = $user_id 
				AND f.forum_id = p.forum_id 
				$post_count_sql";
		$result = $db->sql_query($sql);

		$num_real_posts = min($row['user_posts'], $db->sql_fetchfield('num_posts', 0, $result));
		$db->sql_freeresult($result);

		$sql = "SELECT f.forum_id, f.forum_name, COUNT(post_id) AS num_posts   
			FROM " . POSTS_TABLE . " p, " . FORUMS_TABLE . " f 
			WHERE p.poster_id = $user_id 
				AND f.forum_id = p.forum_id 
				$post_count_sql
			GROUP BY f.forum_id, f.forum_name  
			ORDER BY num_posts DESC"; 
		$result = $db->sql_query_limit($sql, 1);

		$active_f_row = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);

		$sql = "SELECT t.topic_id, t.topic_title, COUNT(p.post_id) AS num_posts   
			FROM " . POSTS_TABLE . " p, " . TOPICS_TABLE . " t, " . FORUMS_TABLE . " f  
			WHERE p.poster_id = $user_id 
				AND t.topic_id = p.topic_id  
				AND f.forum_id = t.forum_id 
				$post_count_sql
			GROUP BY t.topic_id, t.topic_title  
			ORDER BY num_posts DESC";
		$result = $db->sql_query_limit($sql, 1);

		$active_t_row = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);

		// Do the relevant calculations 
		$memberdays = max(1, round((time() - $row['user_regdate']) / 86400));
		$posts_per_day = $row['user_posts'] / $memberdays;
		$percentage = ($config['num_posts']) ? min(100, ($num_real_posts / $config['num_posts']) * 100) : 0;

		$active_f_name = $active_f_id = $active_f_count = $active_f_pct = '';
		if (!empty($active_f_row['num_posts']))
		{
			$active_f_name = $active_f_row['forum_name'];
			$active_f_id = $active_f_row['forum_id'];
			$active_f_count = $active_f_row['num_posts'];
			$active_f_pct = ($active_f_count / $row['user_posts']) * 100;
		}
		unset($active_f_row);

		$active_t_name = $active_t_id = $active_t_count = $active_t_pct = '';
		if (!empty($active_t_row['num_posts']))
		{
			$active_t_name = $active_t_row['topic_title'];
			$active_t_id = $active_t_row['topic_id'];
			$active_t_count = $active_t_row['num_posts'];
			$active_t_pct = ($active_t_count / $row['user_posts']) * 100;
		}
		unset($active_t_row);

		$template->assign_vars(show_profile($row));

		$template->assign_vars(array(
			'POSTS_DAY'			=> sprintf($user->lang['POST_DAY'], $posts_per_day),
			'POSTS_PCT'			=> sprintf($user->lang['POST_PCT'], $percentage),
			'ACTIVE_FORUM'		=> $active_f_name, 
			'ACTIVE_FORUM_POSTS'=> ($active_f_count == 1) ? sprintf($user->lang['USER_POST'], 1) : sprintf($user->lang['USER_POSTS'], $active_f_count), 
			'ACTIVE_FORUM_PCT'	=> sprintf($user->lang['POST_PCT'], $active_f_pct), 
			'ACTIVE_TOPIC'		=> $active_t_name,
			'ACTIVE_TOPIC_POSTS'=> ($active_t_count == 1) ? sprintf($user->lang['USER_POST'], 1) : sprintf($user->lang['USER_POSTS'], $active_t_count), 
			'ACTIVE_TOPIC_PCT'	=> sprintf($user->lang['POST_PCT'], $active_t_pct), 

			'OCCUPATION'	=> (!empty($row['user_occ'])) ? $row['user_occ'] : '',
			'INTERESTS'		=> (!empty($row['user_interests'])) ? $row['user_interests'] : '',

			'S_PROFILE_ACTION'	=> "groupcp.$phpEx$SID", 
			'S_GROUP_OPTIONS'	=> $group_options, 

			'U_ACTIVE_FORUM'	=> "viewforum.$phpEx$SID&amp;f=$active_f_id",
			'U_ACTIVE_TOPIC'	=> "viewtopic.$phpEx$SID&amp;t=$active_t_id",)
		);
		break;

	case 'email':
		// Send an email
		$page_title = $user->lang['SEND_EMAIL'];
		$template_html = 'memberlist_email.html';

		if ($user_id == ANONYMOUS)
		{
			trigger_error($user->lang['NO_USER']);
		}

		if (empty($config['board_email_form']) || empty($config['email_enable']) || !$auth->acl_gets('u_sendemail', 'a_user'))
		{
			trigger_error($user->lang['NO_EMAIL']);
		}

		// Get the appropriate username, etc.
		$sql = "SELECT username, user_email, user_viewemail, user_lang
			FROM " . USERS_TABLE . "
			WHERE user_id = $user_id
				AND user_active = 1";
		$result = $db->sql_query($sql);

		if (!($row = $db->sql_fetchrow($result)))
		{
			trigger_error($$user->lang['NO_USER']);
		}
		$db->sql_freeresult($result);

		// Can we send email to this user?
		if (empty($row['user_viewemail']) && !$auth->acl_get('a_user'))
		{
			trigger_error($user->lang['NO_EMAIL']);
		}

		// Are we trying to abuse the facility?
		if (time() - $user->data['user_emailtime'] < $config['flood_interval'])
		{
			trigger_error($lang['FLOOD_EMAIL_LIMIT']);
		}

		// User has submitted a message, handle it
		if (isset($_POST['submit']))
		{
			$error = FALSE;

			if (isset($_POST['subject']) && trim($_POST['subject']) != '')
			{
				$subject = trim(stripslashes($_POST['subject']));
			}
			else
			{
				$error = TRUE;
				$error_msg = (!empty($error_msg)) ? $error_msg . '<br />' . $lang['EMPTY_SUBJECT_EMAIL'] : $lang['EMPTY_SUBJECT_EMAIL'];
			}

			if (isset($_POST['message']) && trim($_POST['message']) != '')
			{
				$message = trim(stripslashes($_POST['message']));
			}
			else
			{
				$error = TRUE;
				$error_msg = (!empty($error_msg)) ? $error_msg . '<br />' . $lang['EMPTY_MESSAGE_EMAIL'] : $lang['EMPTY_MESSAGE_EMAIL'];
			}

			if (!$error)
			{
				$sql = "UPDATE " . USERS_TABLE . "
					SET user_emailtime = " . time() . "
					WHERE user_id = " . $user->data['user_id'];
				$result = $db->sql_query($sql);

				include($phpbb_root_path . 'includes/emailer.'.$phpEx);
				$emailer = new emailer();

				$emailer->use_template('profile_send_email', $row['user_lang']);
				$emailer->email_address($row['user_email']);
				$emailer->set_subject($subject);

				$email_headers = '';
				if (!empty($_POST['cc_email']))
				{
					$email_headers = "Cc: " . $user->data['user_email'] . "\n";
				}
				$email_headers .= 'X-AntiAbuse: Board servername - ' . $server_name . "\n";
				$email_headers .= 'X-AntiAbuse: User_id - ' . $user->data['user_id'] . "\n";
				$email_headers .= 'X-AntiAbuse: Username - ' . $user->data['username'] . "\n";
				$email_headers .= 'X-AntiAbuse: User IP - ' . $user->ip . "\n";
				$emailer->extra_headers($email_headers);

				$emailer->assign_vars(array(
					'SITENAME'		=> $config['sitename'],
					'BOARD_EMAIL'	=> $config['board_contact'],
					'FROM_USERNAME' => $user->data['username'],
					'TO_USERNAME'	=> $row['username'],
					'MESSAGE'		=> $message)
				);

				$emailer->send();
				$emailer->reset();

				$template->assign_vars(array(
					'META' => '<meta http-equiv="refresh" content="3;url=' . "index.$phpEx$SID" . '">')
				);

				trigger_error($lang['EMAIL_SENT'] . '<br /><br />' . sprintf($lang['RETURN_INDEX'],  '<a href="' . "index.$phpEx$SID" . '">', '</a>'));
			}
		}

		$template->assign_vars(array(
			'USERNAME'		=> $username,
			'ERROR_MESSAGE'	=> (!empty($error_msg)) ? $error_msg : '', 

			'S_POST_ACTION' => "memberlist.$phpEx$SID&amp;mode=email&amp;u=$user_id")
		);
		break;

	default:
		// The basic memberlist
		$page_title = $user->lang['MEMBERLIST'];
		$template_html = 'memberlist_body.html';

		// Sorting
		$sort_key_text = array('a' => $user->lang['SORT_USERNAME'], 'b' => $user->lang['SORT_LOCATION'], 'c' => $user->lang['SORT_JOINED'], 'd' => $user->lang['SORT_POST_COUNT'], 'e' => $user->lang['SORT_EMAIL'], 'f' => $user->lang['WEBSITE'], 'g' => $user->lang['ICQ'], 'h' => $user->lang['AIM'], 'i' => $user->lang['MSNM'], 'j' => $user->lang['YIM'], 'k' => $user->lang['SORT_LAST_ACTIVE']);
		$sort_key_sql = array('a' => 'username', 'b' => 'user_from', 'c' => 'user_regdate', 'd' => 'user_posts', 'e' => 'user_email', 'f' => 'user_website', 'g' => 'user_icq', 'h' => 'user_aim', 'i' => 'user_msnm', 'j' => 'user_yim', 'k' => 'user_lastvisit');

		$sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);

		$s_sort_key = '';
		foreach ($sort_key_text as $key => $value)
		{
			$selected = ($sort_key == $key) ? ' selected="selected"' : '';
			$s_sort_key .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
		}

		$s_sort_dir = '';
		foreach ($sort_dir_text as $key => $value)
		{
			$selected = ($sort_dir == $key) ? ' selected="selected"' : '';
			$s_sort_dir .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
		}

		// Additional sorting options for user search
		$where_sql = '';
		if ($mode == 'searchuser')
		{
			$find_key_match = array('lt' => '<', 'gt' => '>', 'eq' => '=');

			$find_count = array('lt' => $user->lang['LESS_THAN'], 'eq' => $user->lang['EQUAL_TO'], 'gt' => $user->lang['MORE_THAN']);
			$s_find_count = '';