author | Meik Sievertsen <acydburn@phpbb.com> | 2006-06-11 18:13:52 +0000 |
---|---|---|
committer | Meik Sievertsen <acydburn@phpbb.com> | 2006-06-11 18:13:52 +0000 |
commit | 01b41453812dc7b990f03b81f85dcfb9a18076fd (patch) | |
tree | d12e93524fa7625d1220088d34a5a957cd618624 /phpBB/includes | |
parent | ce3b07eee7dbefc68dcd8eab3ab667e6532c8561 (diff) | |
- fixed a few bugs
- added user_add() function
- check posted images ([img]) for same domain/script and php files
- auth_api.html updated to the coding guidelines look&feel
- introduced ability to force non page-updates (cron is using it)
- correctly resend coppa email
git-svn-id: file:///svn/phpbb/trunk@6048 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes')
28 files changed, 1213 insertions, 1096 deletions
diff --git a/phpBB/includes/acm/acm_db.php b/phpBB/includes/acm/acm_db.php index 00fa21430d..cbb8af31fc 100644 --- a/phpBB/includes/acm/acm_db.php +++ b/phpBB/includes/acm/acm_db.php @@ -10,7 +10,6 @@ /** * @package acm -* @ignore * ACM Database Caching */ class acm diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php index 2d9a9461e7..379df056d4 100644 --- a/phpBB/includes/acp/acp_forums.php +++ b/phpBB/includes/acp/acp_forums.php @@ -222,12 +222,16 @@ class acp_forums $acl_url = '&mode=setting_forum_local&forum_id[]=' . $forum_data['forum_id'] . '&select_all_groups=1'; - // Redirect to permissions $message = ($action == 'add') ? $user->lang['FORUM_CREATED'] : $user->lang['FORUM_UPDATED']; - $message .= '<br /><br />' . sprintf($user->lang['REDIRECT_ACL'], '<a href="' . append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions' . $acl_url) . '">', '</a>'); - // redirect directly to permission settings screen - if ($action == 'add' && !$forum_perm_from) + // Redirect to permissions + if ($auth->acl_get('a_fauth')) + { + $message .= '<br /><br />' . sprintf($user->lang['REDIRECT_ACL'], '<a href="' . append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions' . $acl_url) . '">', '</a>'); + } + + // redirect directly to permission settings screen if authed + if ($action == 'add' && !$forum_perm_from && $auth->acl_get('a_fauth')) { meta_refresh(4, append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions' . $acl_url)); } diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php index b9001b24da..e54dc41dec 100644 --- a/phpBB/includes/acp/acp_language.php +++ b/phpBB/includes/acp/acp_language.php 
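Review bot: In acp_forums.php both added conditions call `$auth->acl_get('a_fauth')`, but the hunk does not show `$auth` being brought into scope and the enclosing method starts outside it; if the method's `global` statement does not already list `$auth`, this fails on every forum save. Evaluating the check once, e.g. `$can_set_perms = $auth->acl_get('a_fauth');`, would also keep the link and the redirect from drifting apart. Hiding the link is presentation only, so the permissions module behind that URL still has to enforce `a_fauth` itself.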
@@ -123,7 +123,7 @@ class acp_language 'HIDDEN' => $hidden_data, 'S_CONNECTION_SUCCESS' => (request_var('test_connection', '') && $test_connection === true) ? true : false, - 'S_CONNECTION_FAILED' => (request_var('test_connection', '') && $test_connection === false) ? true : false + 'S_CONNECTION_FAILED' => (request_var('test_connection', '') && $test_connection !== true) ? true : false )); break; @@ -327,9 +327,9 @@ class acp_language trigger_error($user->lang['INVALID_UPLOAD_METHOD']); } - if (!$transfer->open_session()) + if (($result = $transfer->open_session()) !== true) { - trigger_error($user->lang['ERR_CONNECTING_SERVER'] . adm_back_link($this->u_action)); + trigger_error($user->lang[$result] . adm_back_link($this->u_action)); } $transfer->rename($lang_path . $file, $lang_path . $file . '.bak'); diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php index 090ee0fe06..0e1e4fe793 100644 --- a/phpBB/includes/acp/acp_main.php +++ b/phpBB/includes/acp/acp_main.php @@ -59,19 +59,8 @@ class acp_main set_config('num_users', $config['num_users'] + sizeof($mark_ary), true); - // Get latest username - $sql = 'SELECT user_id, username - FROM ' . USERS_TABLE . ' - WHERE user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ') - ORDER BY user_id DESC'; - $result = $db->sql_query_limit($sql, 1); - - if ($row = $db->sql_fetchrow($result)) - { - set_config('newest_user_id', $row['user_id'], true); - set_config('newest_username', $row['username'], true); - } - $db->sql_freeresult($result); + // Update latest username + update_last_username(); } else if ($action == 'delete') { @@ -368,7 +357,7 @@ class acp_main { while (($file = readdir($avatar_dir)) !== false) { - if ($file{0} != '.' && strpos($file, 'index.') === false) + if ($file{0} != '.' && $file != 'CVS' && strpos($file, 'index.') === false) { $avatar_dir_size += filesize($phpbb_root_path . $config['avatar_path'] . '/' . $file); } 
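Review bot: `$user->lang[$result]` in the second acp_language.php hunk assumes open_session() only ever returns `true` or a defined language key. The ftp and ftp_fsock `_init()` methods changed in this commit now return such keys, which open_session() presumably relays, but any path that still returns `false` or a key with no language entry produces an undefined-index notice and an empty error message. A fallback keeps the failure visible: `trigger_error(((isset($user->lang[$result])) ? $user->lang[$result] : $user->lang['ERR_CONNECTING_SERVER']) . adm_back_link($this->u_action));`.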
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index fba21b3cb9..f2ce3ee18c 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -297,20 +297,8 @@ class acp_users set_config('num_users', $config['num_users'] - 1, true); } - // Get latest username - $sql = 'SELECT user_id, username - FROM ' . USERS_TABLE . ' - WHERE user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ') - ORDER BY user_id DESC'; - $result = $db->sql_query_limit($sql, 1); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if ($row) - { - set_config('newest_user_id', $row['user_id'], true); - set_config('newest_username', $row['username'], true); - } + // Update latest username + update_last_username(); trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&u=' . $user_id)); diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php index e161e2a37e..6736b2f3d3 100644 --- a/phpBB/includes/bbcode.php +++ b/phpBB/includes/bbcode.php @@ -24,6 +24,10 @@ class bbcode var $template_bitfield = 0; var $template_filename = ''; + /** + * Constructor + * Init bbcode cache entries if bitfield is specified + */ function bbcode($bitfield = 0) { if ($bitfield) @@ -33,6 +37,9 @@ class bbcode } } + /** + * Second pass bbcodes + */ function bbcode_second_pass(&$message, $bbcode_uid = '', $bbcode_bitfield = false) { if ($bbcode_uid) @@ -96,13 +103,13 @@ class bbcode // Remove the uid from tags that have not been transformed into HTML $message = str_replace(':' . $this->bbcode_uid, '', $message); } - - // - // bbcode_cache_init() - // - // requires: $this->bbcode_bitfield - // sets: $this->bbcode_cache with bbcode templates needed for bbcode_bitfield - // + + /** + * Init bbcode cache + * + * requires: $this->bbcode_bitfield + * sets: $this->bbcode_cache with bbcode templates needed for bbcode_bitfield + */ function bbcode_cache_init() { global $user, $phpbb_root_path; 
@@ -119,7 +126,7 @@ class bbcode } $sql = ''; - $bbcode_ids = array(); + $bbcode_ids = $rowset = array(); $bitlen = strlen(decbin($this->bbcode_bitfield)); for ($bbcode_id = 0; $bbcode_id < $bitlen; ++$bbcode_id) @@ -140,13 +147,12 @@ class bbcode if ($sql) { global $db; - $rowset = array(); $sql = 'SELECT * FROM ' . BBCODES_TABLE . " WHERE bbcode_id IN ($sql)"; - $result = $db->sql_query($sql); + while ($row = $db->sql_fetchrow($result)) { $rowset[$row['bbcode_id']] = $row; 
@@ -161,123 +167,159 @@ class bbcode case 0: $this->bbcode_cache[$bbcode_id] = array( 'str' => array( - '[/quote:$uid]' => $this->bbcode_tpl('quote_close', $bbcode_id) + '[/quote:$uid]' => $this->bbcode_tpl('quote_close', $bbcode_id) ), 'preg' => array( - '#\[quote(?:="(.*?)")?:$uid\](.)#ise' => "\$this->bbcode_second_pass_quote('\$1', '\$2')" + '#\[quote(?:="(.*?)")?:$uid\](.)#ise' => "\$this->bbcode_second_pass_quote('\$1', '\$2')" ) ); break; + case 1: - $this->bbcode_cache[$bbcode_id] = array('str' => array( - '[b:$uid]' => $this->bbcode_tpl('b_open', $bbcode_id), - '[/b:$uid]' => $this->bbcode_tpl('b_close', $bbcode_id) - )); + $this->bbcode_cache[$bbcode_id] = array( + 'str' => array( + '[b:$uid]' => $this->bbcode_tpl('b_open', $bbcode_id), + '[/b:$uid]' => $this->bbcode_tpl('b_close', $bbcode_id), + ) + ); break; + case 2: - $this->bbcode_cache[$bbcode_id] = array('str' => array( - '[i:$uid]' => $this->bbcode_tpl('i_open', $bbcode_id), - '[/i:$uid]' => $this->bbcode_tpl('i_close', $bbcode_id) - )); + $this->bbcode_cache[$bbcode_id] = array( + 'str' => array( + '[i:$uid]' => $this->bbcode_tpl('i_open', $bbcode_id), + '[/i:$uid]' => $this->bbcode_tpl('i_close', $bbcode_id), + ) + ); break; + case 3: - $this->bbcode_cache[$bbcode_id] = array('preg' => array( - '#\[url:$uid\]((.*?))\[/url:$uid\]#s' => $this->bbcode_tpl('url', $bbcode_id), - '#\[url=([^\[]+?):$uid\](.*?)\[/url:$uid\]#s' => $this->bbcode_tpl('url', $bbcode_id) - )); + $this->bbcode_cache[$bbcode_id] = array( + 'preg' => array( + '#\[url:$uid\]((.*?))\[/url:$uid\]#s' => $this->bbcode_tpl('url', $bbcode_id), + '#\[url=([^\[]+?):$uid\](.*?)\[/url:$uid\]#s' => $this->bbcode_tpl('url', $bbcode_id), + ) + ); break; + case 4: if ($user->optionget('viewimg')) { - $this->bbcode_cache[$bbcode_id] = array('preg' => array( - '#\[img:$uid\](.*?)\[/img:$uid\]#s' => $this->bbcode_tpl('img', $bbcode_id) - )); + $this->bbcode_cache[$bbcode_id] = array( + 'preg' => array( + '#\[img:$uid\](.*?)\[/img:$uid\]#s' => 
$this->bbcode_tpl('img', $bbcode_id), + ) + ); } else { - $this->bbcode_cache[$bbcode_id] = array('preg' => array( - '#\[img:$uid\](.*?)\[/img:$uid\]#s' => str_replace('$2', '[ img ]', $this->bbcode_tpl('url', $bbcode_id)) - )); + $this->bbcode_cache[$bbcode_id] = array( + 'preg' => array( + '#\[img:$uid\](.*?)\[/img:$uid\]#s' => str_replace('$2', '[ img ]', $this->bbcode_tpl('url', $bbcode_id)), + ) + ); } break; + case 5: - $this->bbcode_cache[$bbcode_id] = array('preg' => array( - '#\[size=([\-\+]?[1-2]?[0-9]):$uid\](.*?)\[/size:$uid\]#s' => $this->bbcode_tpl('size', $bbcode_id) - )); + $this->bbcode_cache[$bbcode_id] = array( + 'preg' => array( + '#\[size=([\-\+]?[1-2]?[0-9]):$uid\](.*?)\[/size:$uid\]#s' => $this->bbcode_tpl('size', $bbcode_id), + ) + ); break; + case 6: - $this->bbcode_cache[$bbcode_id] = array('preg' => array( - '!\[color=(#[0-9A-F]{6}|[a-z\-]+):$uid\](.*?)\[/color:$uid\]!s' => $this->bbcode_tpl('color', $bbcode_id) - )); + $this->bbcode_cache[$bbcode_id] = array( + 'preg' => array( + '!\[color=(#[0-9A-F]{6}|[a-z\-]+):$uid\](.*?)\[/color:$uid\]!s' => $this->bbcode_tpl('color', $bbcode_id), + ) + ); break; + case 7: - $this->bbcode_cache[$bbcode_id] = array('str' => array( - '[u:$uid]' => $this->bbcode_tpl('u_open', $bbcode_id), - '[/u:$uid]' => $this->bbcode_tpl('u_close', $bbcode_id) - )); + $this->bbcode_cache[$bbcode_id] = array( + 'str' => array( + '[u:$uid]' => $this->bbcode_tpl('u_open', $bbcode_id), + '[/u:$uid]' => $this->bbcode_tpl('u_close', $bbcode_id), + ) + ); break; + case 8: - $this->bbcode_cache[$bbcode_id] = array('preg' => array( - '#\[code(?:=([a-z]+))?:$uid\](.*?)\[/code:$uid\]#ise' => "\$this->bbcode_second_pass_code('\$1', '\$2')" - )); + $this->bbcode_cache[$bbcode_id] = array( + 'preg' => array( + '#\[code(?:=([a-z]+))?:$uid\](.*?)\[/code:$uid\]#ise' => "\$this->bbcode_second_pass_code('\$1', '\$2')", + ) + ); break; + case 9: $this->bbcode_cache[$bbcode_id] = array( 'preg' => array( 
'#(\[\/?(list|\*):[mou]?:?$uid\])[\n]{1}#' => "\$1", - '#(\[list=([^\[]+):$uid\])[\n]{1}#' => "\$1", - '#\[list=([^\[]+):$uid\]#e' => "\$this->bbcode_list('\$1')", + '#(\[list=([^\[]+):$uid\])[\n]{1}#' => "\$1", + '#\[list=([^\[]+):$uid\]#e' => "\$this->bbcode_list('\$1')", ), 'str' => array( - '[list:$uid]' => $this->bbcode_tpl('ulist_open_default', $bbcode_id), - '[/list:u:$uid]' => $this->bbcode_tpl('ulist_close', $bbcode_id), - '[/list:o:$uid]' => $this->bbcode_tpl('olist_close', $bbcode_id), - '[*:$uid]' => $this->bbcode_tpl('listitem', $bbcode_id), - '[/*:$uid]' => $this->bbcode_tpl('listitem_close', $bbcode_id), - '[/*:m:$uid]' => $this->bbcode_tpl('listitem_close', $bbcode_id) + '[list:$uid]' => $this->bbcode_tpl('ulist_open_default', $bbcode_id), + '[/list:u:$uid]' => $this->bbcode_tpl('ulist_close', $bbcode_id), + '[/list:o:$uid]' => $this->bbcode_tpl('olist_close', $bbcode_id), + '[*:$uid]' => $this->bbcode_tpl('listitem', $bbcode_id), + '[/*:$uid]' => $this->bbcode_tpl('listitem_close', $bbcode_id), + '[/*:m:$uid]' => $this->bbcode_tpl('listitem_close', $bbcode_id) ), ); break; + case 10: - $this->bbcode_cache[$bbcode_id] = array('preg' => array( - '#\[email:$uid\]((.*?))\[/email:$uid\]#is' => $this->bbcode_tpl('email', $bbcode_id), - '#\[email=([^\[]+):$uid\](.*?)\[/email:$uid\]#is' => $this->bbcode_tpl('email', $bbcode_id) - )); + $this->bbcode_cache[$bbcode_id] = array( + 'preg' => array( + '#\[email:$uid\]((.*?))\[/email:$uid\]#is' => $this->bbcode_tpl('email', $bbcode_id), + '#\[email=([^\[]+):$uid\](.*?)\[/email:$uid\]#is' => $this->bbcode_tpl('email', $bbcode_id) + ) + ); break; + case 11: if ($user->optionget('viewflash')) { - $this->bbcode_cache[$bbcode_id] = array('preg' => array( - '#\[flash=([0-9]+),([0-9]+):$uid\](.*?)\[/flash:$uid\]#' => $this->bbcode_tpl('flash', $bbcode_id) - )); + $this->bbcode_cache[$bbcode_id] = array( + 'preg' => array( + '#\[flash=([0-9]+),([0-9]+):$uid\](.*?)\[/flash:$uid\]#' => $this->bbcode_tpl('flash', 
$bbcode_id), + ) + ); } else { - $this->bbcode_cache[$bbcode_id] = array('preg' => array( - '#\[flash=([0-9]+),([0-9]+):$uid\](.*?)\[/flash:$uid\]#' => str_replace('$1', '$3', str_replace('$2', '[ flash ]', $this->bbcode_tpl('url', $bbcode_id))) - )); + $this->bbcode_cache[$bbcode_id] = array( + 'preg' => array( + '#\[flash=([0-9]+),([0-9]+):$uid\](.*?)\[/flash:$uid\]#' => str_replace('$1', '$3', str_replace('$2', '[ flash ]', $this->bbcode_tpl('url', $bbcode_id))) + ) + ); } break; + case 12: $this->bbcode_cache[$bbcode_id] = array( 'str' => array( - '[/attachment:$uid]' => $this->bbcode_tpl('inline_attachment_close', $bbcode_id)), + '[/attachment:$uid]' => $this->bbcode_tpl('inline_attachment_close', $bbcode_id) + ), 'preg' => array( - '#\[attachment=([0-9]+):$uid\]#' => $this->bbcode_tpl('inline_attachment_open', $bbcode_id)) + '#\[attachment=([0-9]+):$uid\]#' => $this->bbcode_tpl('inline_attachment_open', $bbcode_id) + ) ); - break; + break; + default: if (isset($rowset[$bbcode_id])) { if ($this->template_bitfield & (1 << $bbcode_id)) { // The bbcode requires a custom template to be loaded - if (!$bbcode_tpl = $this->bbcode_tpl($rowset[$bbcode_id]['bbcode_tag'], $bbcode_id)) { - // For some reason, the required template seems not to be available, - // use the default template - + // For some reason, the required template seems not to be available, use the default template $bbcode_tpl = (!empty($rowset[$bbcode_id]['second_pass_replace'])) ? $rowset[$bbcode_id]['second_pass_replace'] : $rowset[$bbcode_id]['bbcode_tpl']; } else @@ -285,7 +327,6 @@ class bbcode // In order to use templates with custom bbcodes we need // to replace all {VARS} to corresponding backreferences // Note that backreferences are numbered from bbcode_match - if (preg_match_all('/\{(URL|EMAIL|TEXT|COLOR|NUMBER)[0-9]*\}/', $rowset[$bbcode_id]['bbcode_match'], $m)) { foreach ($m[0] as $i => $tok) 
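Review bot: The `preg` entries for quote, code and list (cases 0, 8 and 9) still use the `e` modifier, so the replacement string is evaluated as PHP with captured post text spliced into single-quoted literals. Safety then rests entirely on preg_replace's implicit escaping, which the comments in bbcode_second_pass_quote() and bbcode_second_pass_code() already have to work around. Since these lines are being reformatted anyway, routing them through `preg_replace_callback()` and handing the match array to the handler would take code evaluation out of the rendering path. The code that applies `bbcode_cache` is outside this hunk, so that change would have to be made there as well.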
@@ -307,7 +348,6 @@ class bbcode if (!empty($rowset[$bbcode_id]['second_pass_replace'])) { // The custom BBCode requires second-pass pattern replacements - $this->bbcode_cache[$bbcode_id] = array( 'preg' => array($rowset[$bbcode_id]['second_pass_match'] => $bbcode_tpl) ); @@ -323,25 +363,29 @@ class bbcode { $this->bbcode_cache[$bbcode_id] = false; } + break; } } } + /** + * Return bbcode template + */ function bbcode_tpl($tpl_name, $bbcode_id = -1) { if (empty($bbcode_hardtpl)) { static $bbcode_hardtpl = array( - 'b_open' => '<span style="font-weight: bold">', - 'b_close' => '</span>', - 'i_open' => '<span style="font-style: italic">', - 'i_close' => '</span>', - 'u_open' => '<span style="text-decoration: underline">', - 'u_close' => '</span>', - 'img' => '<img src="$1" border="0" />', - 'size' => '<span style="font-size: $1px; line-height: normal">$2</span>', - 'color' => '<span style="color: $1">$2</span>', - 'email' => '<a href="mailto:$1">$2</a>' + 'b_open' => '<span style="font-weight: bold">', + 'b_close' => '</span>', + 'i_open' => '<span style="font-style: italic">', + 'i_close' => '</span>', + 'u_open' => '<span style="text-decoration: underline">', + 'u_close' => '</span>', + 'img' => '<img src="$1" border="0" />', + 'size' => '<span style="font-size: $1px; line-height: normal">$2</span>', + 'color' => '<span style="color: $1">$2</span>', + 'email' => '<a href="mailto:$1">$2</a>' ); } @@ -354,16 +398,16 @@ class bbcode { if (($tpl = file_get_contents($this->template_filename)) === false) { - trigger_error('Could not load bbcode template'); + trigger_error('Could not load bbcode template', E_USER_ERROR); } // replace \ with \\ and then ' with \'. $tpl = str_replace('\\', '\\\\', $tpl); $tpl = str_replace("'", "\'", $tpl); - + // strip newlines and indent $tpl = preg_replace("/\n[\n\r\s\t]*/", '', $tpl); - + // Turn template blocks into PHP assignment statements for the values of $bbcode_tpl.. $this->bbcode_template = array(); 
@@ -382,19 +426,22 @@ class bbcode return (isset($this->bbcode_template[$tpl_name])) ? $this->bbcode_template[$tpl_name] : ((isset($bbcode_hardtpl[$tpl_name])) ? $bbcode_hardtpl[$tpl_name] : false); } - + + /** + * Return bbcode template replacement + */ function bbcode_tpl_replace($tpl_name, $tpl) { global $user; - + static $replacements = array( - 'quote_username_open' => array('{USERNAME}' => '$1'), - 'color' => array('{COLOR}' => '$1', '{TEXT}' => '$2'), - 'size' => array('{SIZE}' => '$1', '{TEXT}' => '$2'), - 'img' => array('{URL}' => '$1'), - 'flash' => array('{WIDTH}' => '$1', '{HEIGHT}' => '$2', '{URL}' => '$3'), - 'url' => array('{URL}' => '$1', '{DESCRIPTION}' => '$2'), - 'email' => array('{EMAIL}' => '$1', '{DESCRIPTION}' => '$2') + 'quote_username_open' => array('{USERNAME}' => '$1'), + 'color' => array('{COLOR}' => '$1', '{TEXT}' => '$2'), + 'size' => array('{SIZE}' => '$1', '{TEXT}' => '$2'), + 'img' => array('{URL}' => '$1'), + 'flash' => array('{WIDTH}' => '$1', '{HEIGHT}' => '$2', '{URL}' => '$3'), + 'url' => array('{URL}' => '$1', '{DESCRIPTION}' => '$2'), + 'email' => array('{EMAIL}' => '$1', '{DESCRIPTION}' => '$2') ); $tpl = preg_replace('/{L_([A-Z_]+)}/e', "(!empty(\$user->lang['\$1'])) ? \$user->lang['\$1'] : ucwords(strtolower(str_replace('_', ' ', '\$1')))", $tpl); 
@@ -406,61 +453,69 @@ class bbcode return trim($tpl); } - + + /** + * Second parse list bbcode + */ function bbcode_list($type) { - if ($type == '') - { - $tpl = 'ulist_open_default'; - $type = 'default'; - $start = 0; - } - else if ($type == 'i') - { - $tpl = 'olist_open'; - $type = 'lower-roman'; - $start = 1; - } - else if ($type == 'I') - { - $tpl = 'olist_open'; - $type = 'upper-roman'; - $start = 1; - } - else if (preg_match('#^(disc|circle|square)$#i', $type)) - { - $tpl = 'ulist_open'; - $type = strtolower($type); - $start = 1; - } - else if (preg_match('#^[a-z]$#', $type)) - { - $tpl = 'olist_open'; - $type = 'lower-alpha'; - $start = ord($type) - 96; - } - else if (preg_match('#[A-Z]#', $type)) - { - $tpl = 'olist_open'; - $type = 'upper-alpha'; - $start = ord($type) - 64; - } - else if (is_numeric($type)) - { - $tpl = 'olist_open'; - $type = 'arabic-numbers'; - $start = intval($type); - } - else + switch ($type) { - $tpl = 'olist_open'; - $type = 'arabic-numbers'; - $start = 1; + case '': + $tpl = 'ulist_open_default'; + $type = 'default'; + $start = 0; + break; + + case 'i': + $tpl = 'olist_open'; + $type = 'lower-roman'; + $start = 1; + break; + + case 'I': + $tpl = 'olist_open'; + $type = 'upper-roman'; + $start = 1; + break; + + case (preg_match('#^(disc|circle|square)$#i', $type)): + $tpl = 'ulist_open'; + $type = strtolower($type); + $start = 1; + break; + + case (preg_match('#^[a-z]$#', $type)): + $tpl = 'olist_open'; + $type = 'lower-alpha'; + $start = ord($type) - 96; + break; + + case (preg_match('#[A-Z]#', $type)): + $tpl = 'olist_open'; + $type = 'upper-alpha'; + $start = ord($type) - 64; + break; + + case (is_numeric($type)): + $tpl = 'olist_open'; + $type = 'arabic-numbers'; + $start = intval($type); + break; + + default: + $tpl = 'olist_open'; + $type = 'arabic-numbers'; + $start = 1; + break; } return str_replace('{LIST_TYPE}', $type, $this->bbcode_tpl($tpl)); } + /** + * Second parse quote tag + */ function 
bbcode_second_pass_quote($username, $quote) { // when using the /e modifier, preg_replace slashes double-quotes but does not @@ -479,6 +534,9 @@ class bbcode return $quote; } + /** + * Second parse code tag + */ function bbcode_second_pass_code($type, $code) { // when using the /e modifier, preg_replace slashes double-quotes but does not @@ -494,6 +552,8 @@ class bbcode $code = substr($code, 41); } + // no break; + default: $code = str_replace("\t", ' ', $code); $code = str_replace(' ', ' ', $code); @@ -504,6 +564,7 @@ class bbcode { $code = substr($code, 1); } + break; } $code = $this->bbcode_tpl('code_open') . $code . $this->bbcode_tpl('code_close'); diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index 1b7e6f5647..748295e632 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -2264,7 +2264,9 @@ function view_warned_users(&$users, &$user_count, $limit = 0, $offset = 0, $limi function get_database_size() { global $db, $user, $table_prefix; - + + $database_size = false; + // This code is heavily influenced by a similar routine in phpMyAdmin 2.2.0 switch (SQL_LAYER) { @@ -2289,7 +2291,7 @@ function get_database_size() FROM ' . $db_name; $result = $db->sql_query($sql); - $dbsize = 0; + $database_size = 0; while ($row = $db->sql_fetchrow($result)) { if ((isset($row['Type']) && $row['Type'] != 'MRG_MyISAM') || (isset($row['Engine']) && ($row['Engine'] == 'MyISAM' || $row['Engine'] == 'InnoDB'))) 
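Review bot: The new `switch ($type)` in bbcode_list() compares `$type` loosely against the return value of each `preg_match()`/`is_numeric()` case, which is 0/1 or a boolean rather than a pattern, so the branches no longer select what the removed if/else chain selected. For example a type of `disc` does not equal the `1` returned by the first preg_match and is picked up by a later case instead, while a non-matching string compares equal to `0` under PHP's loose string-to-integer comparison. Use `switch (true)` and turn the three literal cases into comparisons such as `case ($type == 'i'):`, or keep the if/else chain. Separately, and carried over from the old code, `$type` is overwritten before `ord($type)` is taken in the alpha branches and `$start` is never used in the return.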
@@ -2298,27 +2300,19 @@ function get_database_size() { if (strstr($row['Name'], $table_prefix)) { - $dbsize += $row['Data_length'] + $row['Index_length']; + $database_size += $row['Data_length'] + $row['Index_length']; } } else { - $dbsize += $row['Data_length'] + $row['Index_length']; + $database_size += $row['Data_length'] + $row['Index_length']; } } } $db->sql_freeresult($result); } - else - { - $dbsize = $user->lang['NOT_AVAILABLE']; - } } - else - { - $dbsize = $user->lang['NOT_AVAILABLE']; - } - + break; case 'mssql': @@ -2327,9 +2321,9 @@ function get_database_size() $sql = 'SELECT ((SUM(size) * 8.0) * 1024.0) as dbsize FROM sysfiles'; $result = $db->sql_query($sql); - $dbsize = ($row = $db->sql_fetchrow($result)) ? intval($row['dbsize']) : $user->lang['NOT_AVAILABLE']; + $database_size = ($row = $db->sql_fetchrow($result)) ? $row['dbsize'] : false; $db->sql_freeresult($result); - + break; case 'postgres': @@ -2343,7 +2337,6 @@ function get_database_size() if ($row['proname'] == 'pg_database_size') { - $sql = "SELECT oid FROM pg_database WHERE datname = '" . $db->dbname . "'"; 
@@ -2358,26 +2351,22 @@ function get_database_size() $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); - $dbsize = $row['size']; - } - else - { - $dbsize = $user->lang['NOT_AVAILABLE']; + $database_size = $row['size']; } break; - - default: - - $dbsize = $user->lang['NOT_AVAILABLE']; } - if (is_int($dbsize)) + if ($database_size !== false) + { + $database_size = ($database_size >= 1048576) ? sprintf('%.2f ' . $user->lang['MB'], ($database_size / 1048576)) : (($database_size >= 1024) ? sprintf('%.2f ' . $user->lang['KB'], ($database_size / 1024)) : sprintf('%.2f ' . $user->lang['BYTES'], $database_size)); + } + else { - $dbsize = ($dbsize >= 1048576) ? sprintf('%.2f ' . $user->lang['MB'], ($dbsize / 1048576)) : (($dbsize >= 1024) ? sprintf('%.2f ' . $user->lang['KB'], ($dbsize / 1024)) : sprintf('%.2f ' . $user->lang['BYTES'], $dbsize)); + $database_size = $user->lang['NOT_AVAILABLE']; } - return $dbsize; + return $database_size; } /** diff --git a/phpBB/includes/functions_jabber.php b/phpBB/includes/functions_jabber.php index 1646731731..386eee7167 100644 --- a/phpBB/includes/functions_jabber.php +++ b/phpBB/includes/functions_jabber.php @@ -827,11 +827,12 @@ class jabber /** * Converts a string to utf8 encoding. - * @private * * @param string $string has to have the same encoding as {@link encoding the encoding attribute} is set to. * * @return boolean True on success, false on failure. + * + * @private */ function _conv_utf8(&$string) { diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php index 7d1334dcc1..71399446ad 100644 --- a/phpBB/includes/functions_messenger.php +++ b/phpBB/includes/functions_messenger.php @@ -1002,7 +1002,7 @@ class smtp_class } // Try EHLO first - $this->server_send("EHLO [{$local_host}]"); + $this->server_send("EHLO {$local_host}"); if ($err_msg = $this->server_parse('250', __LINE__)) { // a 503 response code means that we're already authenticated 
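Review bot: In the postgres branch of get_database_size(), `$database_size = $row['size'];` is assigned without checking that sql_fetchrow() returned a row, so a failed lookup leaves `null`, which passes the new `$database_size !== false` test and is reported as `0.00` bytes instead of NOT_AVAILABLE. Guarding the assignment, `$database_size = ($row) ? $row['size'] : false;`, matches what the mssql branch now does. The function body starts outside this hunk.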
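Review bot: Removing the brackets from the EHLO argument is correct for a host name but not for an IP address, because SMTP requires an address literal to be bracketed (for instance `EHLO [192.0.2.1]`, a documentation address); the same applies to the HELO fallback in the next hunk. Where `$local_host` is assigned is outside both hunks, so it is worth confirming that it is always a name, or adding the brackets only when it is an IP. If the value can derive from the request's server name, strip CR and LF from it before it is written into the command line.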
@@ -1012,7 +1012,7 @@ class smtp_class } // If EHLO fails, we try HELO - $this->server_send("HELO [{$local_host}]"); + $this->server_send("HELO {$local_host}"); if ($err_msg = $this->server_parse('250', __LINE__)) { return ($this->numeric_response_code == 503) ? false : $err_msg; diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index c15726e2c8..85a89a3aa9 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -510,7 +510,7 @@ function create_thumbnail($source, $destination, $mimetype) return false; } - list($width, $height, $type, ) = getimagesize($source); + list($width, $height, $type, ) = @getimagesize($source); if (!$width || !$height) { diff --git a/phpBB/includes/functions_transfer.php b/phpBB/includes/functions_transfer.php index 401eb01f46..05d46be2ea 100644 --- a/phpBB/includes/functions_transfer.php +++ b/phpBB/includes/functions_transfer.php @@ -11,7 +11,6 @@ /** * @package phpBB3 * Transfer class, wrapper for ftp/sftp/ssh -* @todo check for available extensions */ class transfer { @@ -39,7 +38,7 @@ class transfer // We use the store directory as temporary path to circumvent open basedir restrictions $this->tmp_path = $phpbb_root_path . 'store/'; } - + /** * Write file to location */ @@ -62,9 +61,9 @@ class transfer if (!$fp) { - trigger_error('Unable to create temporary file ' . $temp_name); + trigger_error('Unable to create temporary file ' . $temp_name, E_USER_ERROR); } - + @fwrite($fp, $contents); @fclose($fp); @@ -88,7 +87,7 @@ class transfer $this->_delete($destination_file); $result = $this->_put($source_file, $destination_file); $this->_chmod($destination_file, $this->file_perms); - + return $result; } @@ -100,7 +99,6 @@ class transfer global $phpbb_root_path; $dir = str_replace($phpbb_root_path, '', $dir); - $dir = explode('/', $dir); $dirs = ''; 
@@ -108,7 +106,7 @@ class transfer { $result = true; - if ($dir[$i] == '..' || $dir[$i] == '.') + if (strpos($dir[$i], '.') === 0) { continue; } @@ -116,7 +114,7 @@ class transfer if (!file_exists($phpbb_root_path . $dirs . $cur_dir)) { - // make the directory + // create the directory $result = $this->_mkdir($dir[$i]); $this->_chmod($dir[$i], $this->dir_perms); } @@ -147,7 +145,7 @@ class transfer { return false; } - + $result = $this->overwrite_file($from_loc, $to_loc); return $result; @@ -159,12 +157,12 @@ class transfer function delete_file($file) { global $phpbb_root_path; - + $file = $this->root_path . str_replace($phpbb_root_path, '', $file); return $this->_delete($file); } - + /** * Remove directory * @todo remove child directories? @@ -172,9 +170,9 @@ class transfer function remove_dir($dir) { global $phpbb_root_path; - + $dir = $this->root_path . str_replace($phpbb_root_path, '', $dir); - + return $this->_rmdir($dir); } @@ -186,7 +184,7 @@ class transfer global $phpbb_root_path; $old_handle = $this->root_path . str_replace($phpbb_root_path, '', $old_handle); - + return $this->_rename($old_handle, $new_handle); } @@ -262,11 +260,19 @@ class ftp extends transfer { global $user; - return array('host' => 'localhost' , 'username' => 'anonymous', 'password' => '', 'root_path' => $user->page['root_script_path'], 'port' => 21, 'timeout' => 10); + return array( + 'host' => 'localhost', + 'username' => 'anonymous', + 'password' => '', + 'root_path' => $user->page['root_script_path'], + 'port' => 21, + 'timeout' => 10 + ); } /** * Init FTP Session + * @private */ function _init() { @@ -275,7 +281,7 @@ class ftp extends transfer if (!$this->connection) { - return false; + return 'ERR_CONNECTING_SERVER'; } // attempt to turn pasv mode on 
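Review bot: `strpos($dir[$i], '.') === 0` widens the old test from exactly `.` and `..` to every path segment that begins with a dot, and the segment is skipped with `continue` rather than rejected, so the directory that ends up being created can differ from the path the caller passed. If the intent is to block traversal, rejecting the call on a parent reference reports the bad input instead of hiding it, e.g. `if ($dir[$i] == '..') { return false; }` (assuming this method signals failure with `false` like the others in the class), and keeps dot-prefixed directory names working. The loop this line sits in starts and ends outside the hunk.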
@@ -284,13 +290,13 @@ class ftp extends transfer // login to the server if (!@ftp_login($this->connection, $this->username, $this->password)) { - return false; + return 'ERR_UNABLE_TO_LOGIN'; } // change to the root directory if (!$this->_chdir($this->root_path)) { - return 'Unable to change directory'; + return 'ERR_CHANGING_DIRECTORY'; } return true; @@ -298,6 +304,7 @@ class ftp extends transfer /** * Create Directory (MKDIR) + * @private */ function _mkdir($dir) { @@ -306,6 +313,7 @@ class ftp extends transfer /** * Remove directory (RMDIR) + * @private */ function _rmdir($dir) { @@ -314,6 +322,7 @@ class ftp extends transfer /** * Remove directory (RMDIR) + * @private */ function _rename($old_handle, $new_handle) { @@ -322,6 +331,7 @@ class ftp extends transfer /** * Change current working directory (CHDIR) + * @private */ function _chdir($dir = '') { @@ -335,6 +345,7 @@ class ftp extends transfer /** * change file permissions (CHMOD) + * @private */ function _chmod($file, $perms) { 
@@ -347,23 +358,19 @@ class ftp extends transfer $chmod_cmd = 'CHMOD 0' . $perms . ' ' . $file; $err = $this->_site($chmod_cmd); } + return $err; } /** * Upload file to location (PUT) + * @private */ function _put($from_file, $to_file) { // get the file extension $file_extension = strtolower(substr(strrchr($to_file, '.'), 1)); - // extension list for files that need to be transfered as binary. - // Taken from the old EasyMOD which was taken from the attachment MOD -// $extensions = array('ace', 'ai', 'aif', 'aifc', 'aiff', 'ar', 'asf', 'asx', 'au', 'avi', 'doc', 'dot', 'gif', 'gtar', 'gz', 'ivf', 'jpeg', 'jpg', 'm3u', 'mid', 'midi', 'mlv', 'mp2', 'mp3', 'mp2v', 'mpa', 'mpe', 'mpeg', 'mpg', 'mpv2', 'pdf', 'png', 'ppt', 'ps', 'rar', 'rm', 'rmi', 'snd', 'swf', 'tga', 'tif', 'wav', 'wax', 'wm', 'wma', 'wmv', 'wmx', 'wvx', 'xls', 'zip') ; -// $is_binary = in_array($file_extension, $extensions); -// $mode = ($is_binary) ? FTP_BINARY : FTP_ASCII; - // We only use the BINARY file mode to cicumvent rewrite actions from ftp server (mostly linefeeds being replaced) $mode = FTP_BINARY; @@ -379,14 +386,16 @@ class ftp extends transfer /** * Delete file (DELETE) + * @private */ function _delete($file) { return @ftp_delete($this->connection, $file); } - + /** * Close ftp session (CLOSE) + * @private */ function _close() { @@ -401,6 +410,7 @@ class ftp extends transfer /** * Return current working directory (CWD) * At the moment not used by parent class + * @private */ function _cwd() { @@ -410,6 +420,7 @@ class ftp extends transfer /** * Return list of files in a given directory (LS) * At the moment not used by parent class + * @private */ function _ls($dir = './') { @@ -418,6 +429,7 @@ class ftp extends transfer /** * FTP SITE command (ftp-only function) + * @private */ function _site($command) { 
@@ -462,11 +474,19 @@ class ftp_fsock extends transfer { global $user; - return array('host' => 'localhost' , 'username' => 'anonymous', 'password' => '', 'root_path' => $user->page['root_script_path'], 'port' => 21, 'timeout' => 10); + return array( + 'host' => 'localhost', + 'username' => 'anonymous', + 'password' => '', + 'root_path' => $user->page['root_script_path'], + 'port' => 21, + 'timeout' => 10 + ); } /** * Init FTP Session + * @private */ function _init() { @@ -478,7 +498,7 @@ class ftp_fsock extends transfer if (!$this->connection || !$this->_check_command()) { - return false; + return 'ERR_CONNECTING_SERVER'; } @stream_set_timeout($this->connection, $this->timeout); @@ -486,18 +506,18 @@ class ftp_fsock extends transfer // login if (!$this->_send_command('USER', $this->username)) { - return false; + return 'ERR_UNABLE_TO_LOGIN'; } if (!$this->_send_command('PASS', $this->password)) { - return false; + return 'ERR_UNABLE_TO_LOGIN'; } // change to the root directory if (!$this->_chdir($this->root_path)) { - return 'Unable to change directory'; + return 'ERR_CHANGING_DIRECTORY'; } return true; @@ -505,6 +525,7 @@ class ftp_fsock extends transfer /** * Create Directory (MKDIR) + * @private */ function _mkdir($dir) { @@ -513,6 +534,7 @@ class ftp_fsock extends transfer /** * Remove directory (RMDIR) + * @private */ function _rmdir($dir) { @@ -521,6 +543,7 @@ class ftp_fsock extends transfer /** * Change current working directory (CHDIR) + * @private */ function _chdir($dir = '') { @@ -534,6 +557,7 @@ class ftp_fsock extends transfer /** * change file permissions (CHMOD) + * @private */ function _chmod($file, $perms) { @@ -542,6 +566,7 @@ class ftp_fsock extends transfer /** * Upload file to location (PUT) + * @private */ function _put($from_file, $to_file) { @@ -577,6 +602,7 @@ class ftp_fsock extends transfer /** * Delete file (DELETE) + * @private */ function _delete($file) { 
@@ -585,6 +611,7 @@ class ftp_fsock extends transfer /** * Close ftp session (CLOSE) + * @private */ function _close() { @@ -599,6 +626,7 @@ class ftp_fsock extends transfer /** * Return current working directory (CWD) * At the moment not used by parent class + * @private */ function _cwd() { @@ -609,6 +637,7 @@ class ftp_fsock extends transfer /** * Return list of files in a given directory (LS) * At the moment not used by parent class + * @private */ function _ls($dir = './') { @@ -631,6 +660,7 @@ class ftp_fsock extends transfer /** * Send a command to server (FTP fsock only function) + * @private */ function _send_command($command, $args = '', $check = true) { @@ -651,6 +681,7 @@ class ftp_fsock extends transfer /** * Opens a connection to send data (FTP fosck only function) + * @private */ function _open_data_connection() { @@ -685,6 +716,7 @@ class ftp_fsock extends transfer /** * Closes a connection used to send data + * @private */ function _close_data_connection() { @@ -693,6 +725,7 @@ class ftp_fsock extends transfer /** * Check to make sure command was successful (FTP fsock only function) + * @private */ function _check_command($return = false) { diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index ddb717f8be..44ed7d288f 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php 
@@ -63,6 +63,29 @@ function user_get_id_name(&$user_id_ary, &$username_ary) } /** +* Get latest registered username and update database to reflect it +*/ +function update_last_username() +{ + global $db; + + // Get latest username + $sql = 'SELECT user_id, username + FROM ' . USERS_TABLE . ' + WHERE user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ') + ORDER BY user_id DESC'; + $result = $db->sql_query_limit($sql, 1); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if ($row) + { + set_config('newest_user_id', $row['user_id'], true); + set_config('newest_username', $row['username'], true); + } +} + +/** * Updates a username across all relevant tables/fields * * @param string $old_name the old/current username 
@@ -97,6 +120,105 @@ function user_update_name($old_name, $new_name) } /** +* Add User +*/ +function user_add($user_row, $cp_data = false) +{ + global $db, $config; + + if (empty($user_row['username']) || empty($user_row['group_id']) || empty($user_row['user_email']) || empty($user_row['user_type'])) + { + return false; + } + + $sql_ary = array( + 'username' => $user_row['username'], + 'user_password' => (isset($user_row['user_password'])) ? $user_row['user_password'] : '', + 'user_email' => $user_row['user_email'], + 'user_email_hash' => (int) crc32(strtolower($user_row['user_email'])) . strlen($user_row['user_email']), + 'group_id' => $user_row['group_id'], + 'user_type' => $user_row['user_type'], + ); + + // These are the additional vars able to be specified + $additional_vars = array( + 'user_permissions' => '', + 'user_timezone' => 0, + 'user_dateformat' => $config['default_dateformat'], + 'user_lang' => $config['default_lang'], + 'user_style' => $config['default_style'], + 'user_allow_pm' => 1, + 'user_actkey' => '', + 'user_ip' => '', + 'user_regdate' => time(), + + 'user_lastmark' => time(), + 'user_lastvisit' => 0, + 'user_lastpost_time' => 0, + 'user_lastpage' => '', + 'user_posts' => 0, + 'user_dst' => 0, + 'user_colour' => '', + 'user_avatar' => '', + 'user_avatar_type' => 0, + 'user_avatar_width' => 0, + 'user_avatar_height' => 0, + 'user_new_privmsg' => 0, + 'user_unread_privmsg' => 0, + 'user_last_privmsg' => 0, + 'user_message_rules' => 0, + 'user_full_folder' => PRIVMSGS_NO_BOX, + 'user_emailtime' => 0, + + 'user_notify' => 0, + 'user_notify_pm' => 1, + 'user_notify_type' => NOTIFY_EMAIL, + 'user_allow_pm' => 1, + 'user_allow_email' => 1, + 'user_allow_viewonline' => 1, + 'user_allow_viewemail' => 1, + 'user_allow_massemail' => 1, + + 'user_sig' => '', + 'user_sig_bbcode_uid' => '', + 'user_sig_bbcode_bitfield' => 0, + ); + + // Now fill the sql array with not required variables + foreach ($additional_vars as $key => $default_value) + { + 
$sql_ary[$key] = (isset($user_row[$key])) ? $user_row[$key] : $default_value; + } + + $db->sql_transaction('begin'); + + $sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); + $db->sql_query($sql); + + $user_id = $db->sql_nextid(); + + // Insert Custom Profile Fields + if ($cp_data !== false && sizeof($cp_data)) + { + $cp_data['user_id'] = (int) $user_id; + $sql = 'INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' ' . $db->sql_build_array('INSERT', $cp->build_insert_sql_array($cp_data)); + $db->sql_query($sql); + } + + // Place into appropriate group... + $sql = 'INSERT INTO ' . USER_GROUP_TABLE . ' ' . $db->sql_build_array('INSERT', array( + 'user_id' => (int) $user_id, + 'group_id' => (int) $user_row['group_id'], + 'user_pending' => 0) + ); + $db->sql_query($sql); + + $db->sql_transaction('commit'); + + return $user_id; +} + +/** * Remove User */ function user_delete($mode, $user_id, $post_username = false) @@ -193,18 +315,7 @@ function user_delete($mode, $user_id, $post_username = false) // Reset newest user info if appropriate if ($config['newest_user_id'] == $user_id) { - $sql = 'SELECT user_id, username - FROM ' . USERS_TABLE . ' - WHERE user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ') - ORDER BY user_id DESC'; - $result = $db->sql_query_limit($sql, 1); - - if ($row = $db->sql_fetchrow($result)) - { - set_config('newest_user_id', $row['user_id'], true); - set_config('newest_username', $row['username'], true); - } - $db->sql_freeresult($result); + update_last_username(); } set_config('num_users', $config['num_users'] - 1, true); diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 5d9a192cbf..ecfd4a50ed 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php 
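Review bot: In `user_add()` the custom-profile branch calls `$cp->build_insert_sql_array($cp_data)`, but `$cp` is neither a parameter nor named in `global $db, $config;`. Any call with a non-empty `$cp_data` therefore fails on an undefined variable after the users row has been inserted and before `sql_transaction('commit')`; the profile-fields object has to be passed in or created inside the function. The `* Add User` docblock also says nothing about input trust: `user_password` is stored exactly as supplied (an empty string when absent), and every key of `$additional_vars`, including `user_permissions`, can be overridden from `$user_row`. It should state that the caller passes an already hashed password and a `$user_row` assembled by trusted code rather than taken from request data. `'user_allow_pm' => 1` is listed twice in `$additional_vars`.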
@@ -89,19 +89,19 @@ class bbcode_firstpass extends bbcode // order, so it is important to keep [code] in first position and // [quote] in second position. $this->bbcodes = array( - 'code' => array('bbcode_id' => 8, 'regexp' => array('#\[code(?:=([a-z]+))?\](.+\[/code\])#ise' => "\$this->bbcode_code('\$1', '\$2')")), - 'quote' => array('bbcode_id' => 0, 'regexp' => array('#\[quote(?:="(.*?)")?\](.+)\[/quote\]#ise' => "\$this->bbcode_quote('\$0')")), - 'attachment'=> array('bbcode_id' => 12, 'regexp' => array('#\[attachment=([0-9]+)\](.*?)\[/attachment\]#ise' => "\$this->bbcode_attachment('\$1', '\$2')")), - 'b' => array('bbcode_id' => 1, 'regexp' => array('#\[b\](.*?)\[/b\]#ise' => "\$this->bbcode_strong('\$1')")), - 'i' => array('bbcode_id' => 2, 'regexp' => array('#\[i\](.*?)\[/i\]#ise' => "\$this->bbcode_italic('\$1')")), - 'url' => array('bbcode_id' => 3, 'regexp' => array('#\[url(=(.*))?\](.*)\[/url\]#iUe' => "\$this->validate_url('\$2', '\$3')")), - 'img' => array('bbcode_id' => 4, 'regexp' => array('#\[img\](https?://)([a-z0-9\-\.,\?!%\*_:;~\\&$@/=\+]+)\[/img\]#ie' => "\$this->bbcode_img('\$1\$2')")), - 'size' => array('bbcode_id' => 5, 'regexp' => array('#\[size=([\-\+]?[1-2]?[0-9])\](.*?)\[/size\]#ise' => "\$this->bbcode_size('\$1', '\$2')")), - 'color' => array('bbcode_id' => 6, 'regexp' => array('!\[color=(#[0-9A-F]{6}|[a-z\-]+)\](.*?)\[/color\]!ise' => "\$this->bbcode_color('\$1', '\$2')")), - 'u' => array('bbcode_id' => 7, 'regexp' => array('#\[u\](.*?)\[/u\]#ise' => "\$this->bbcode_underline('\$1')")), - 'list' => array('bbcode_id' => 9, 'regexp' => array('#\[list(=[a-z|0-9|(?:disc|circle|square))]+)?\].*\[/list\]#ise' => "\$this->bbcode_parse_list('\$0')")), - 'email' => array('bbcode_id' => 10, 'regexp' => array('#\[email=?(.*?)?\](.*?)\[/email\]#ise' => "\$this->validate_email('\$1', '\$2')")), - 'flash' => array('bbcode_id' => 11, 'regexp' => array('#\[flash=([0-9]+),([0-9]+)\](.*?)\[/flash\]#ie' => "\$this->bbcode_flash('\$1', '\$2', '\$3')")) + 
'code' => array('bbcode_id' => 8, 'regexp' => array('#\[code(?:=([a-z]+))?\](.+\[/code\])#ise' => "\$this->bbcode_code('\$1', '\$2')")), + 'quote' => array('bbcode_id' => 0, 'regexp' => array('#\[quote(?:="(.*?)")?\](.+)\[/quote\]#ise' => "\$this->bbcode_quote('\$0')")), + 'attachment' => array('bbcode_id' => 12, 'regexp' => array('#\[attachment=([0-9]+)\](.*?)\[/attachment\]#ise' => "\$this->bbcode_attachment('\$1', '\$2')")), + 'b' => array('bbcode_id' => 1, 'regexp' => array('#\[b\](.*?)\[/b\]#ise' => "\$this->bbcode_strong('\$1')")), + 'i' => array('bbcode_id' => 2, 'regexp' => array('#\[i\](.*?)\[/i\]#ise' => "\$this->bbcode_italic('\$1')")), + 'url' => array('bbcode_id' => 3, 'regexp' => array('#\[url(=(.*))?\](.*)\[/url\]#iUe' => "\$this->validate_url('\$2', '\$3')")), + 'img' => array('bbcode_id' => 4, 'regexp' => array('#\[img\](https?://)([a-z0-9\-\.,\?!%\*_:;~\\&$@/=\+]+)\[/img\]#ie' => "\$this->bbcode_img('\$1\$2')")), + 'size' => array('bbcode_id' => 5, 'regexp' => array('#\[size=([\-\+]?[1-2]?[0-9])\](.*?)\[/size\]#ise' => "\$this->bbcode_size('\$1', '\$2')")), + 'color' => array('bbcode_id' => 6, 'regexp' => array('!\[color=(#[0-9A-F]{6}|[a-z\-]+)\](.*?)\[/color\]!ise' => "\$this->bbcode_color('\$1', '\$2')")), + 'u' => array('bbcode_id' => 7, 'regexp' => array('#\[u\](.*?)\[/u\]#ise' => "\$this->bbcode_underline('\$1')")), + 'list' => array('bbcode_id' => 9, 'regexp' => array('#\[list(=[a-z|0-9|(?:disc|circle|square))]+)?\].*\[/list\]#ise' => "\$this->bbcode_parse_list('\$0')")), + 'email' => array('bbcode_id' => 10, 'regexp' => array('#\[email=?(.*?)?\](.*?)\[/email\]#ise' => "\$this->validate_email('\$1', '\$2')")), + 'flash' => array('bbcode_id' => 11, 'regexp' => array('#\[flash=([0-9]+),([0-9]+)\](.*?)\[/flash\]#ie' => "\$this->bbcode_flash('\$1', '\$2', '\$3')")) ); // Zero the parsed items array 
@@ -119,8 +119,8 @@ class bbcode_firstpass extends bbcode $sql = 'SELECT * FROM ' . BBCODES_TABLE; - $result = $db->sql_query($sql); + while ($row = $db->sql_fetchrow($result)) { $rowset[] = $row; @@ -146,7 +146,8 @@ class bbcode_firstpass extends bbcode // seem to slash anything else $in = str_replace("\r\n", "\n", str_replace('\"', '"', $in)); - if (!$in) + // Trimming here to make sure no empty bbcodes are parsed accidently + if (!trim($in)) { return false; } @@ -168,7 +169,7 @@ class bbcode_firstpass extends bbcode } /** - * Parse size bbcode + * Parse size tag */ function bbcode_size($stx, $in) { @@ -188,7 +189,7 @@ class bbcode_firstpass extends bbcode } /** - * Parse color bbcode + * Parse color tag */ function bbcode_color($stx, $in) { @@ -201,7 +202,7 @@ class bbcode_firstpass extends bbcode } /** - * Parse u bbcode + * Parse u tag */ function bbcode_underline($in) { @@ -214,7 +215,7 @@ class bbcode_firstpass extends bbcode } /** - * Parse b bbcode + * Parse b tag */ function bbcode_strong($in) { @@ -227,7 +228,7 @@ class bbcode_firstpass extends bbcode } /** - * Parse i bbcode + * Parse i tag */ function bbcode_italic($in) { 
@@ -240,44 +241,67 @@ class bbcode_firstpass extends bbcode } /** - * Parse img bbcode + * Parse img tag */ function bbcode_img($in) { - global $user, $config; + global $user, $config, $phpEx; if (!$this->check_bbcode('img', $in)) { return ''; } + $in = trim($in); + if ($config['max_' . $this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width']) { - $stats = getimagesize($in); + $stats = @getimagesize($in); + if ($config['max_' . $this->mode . '_img_height'] && $config['max_' . $this->mode . '_img_height'] < $stats[1]) { $this->warn_msg[] = sprintf($user->lang['MAX_IMG_HEIGHT_EXCEEDED'], $config['max_' . $this->mode . '_img_height']); } + if ($config['max_' . $this->mode . '_img_width'] && $config['max_' . $this->mode . '_img_width'] < $stats[0]) { $this->warn_msg[] = sprintf($user->lang['MAX_IMG_WIDTH_EXCEEDED'], $config['max_' . $this->mode . '_img_width']); } } - return '[img:' . $this->bbcode_uid . ']' . $this->bbcode_specialchars(trim($in)) . '[/img:' . $this->bbcode_uid . ']'; + // Is the user trying to link to a php file in this domain and script path? + if (strpos($in, ".{$phpEx}") !== false && strpos($in, substr($user->page['root_script_path'], 0, -1)) !== false) + { + $server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'); + + // Forcing server vars is the only way to specify/override the protocol + if ($config['force_server_vars'] || !$server_name) + { + $server_name = $config['server_name']; + } + + if (strpos($in, $server_name) !== false) + { + return '[img]' . $in . '[/img]'; + } + } + + return '[img:' . $this->bbcode_uid . ']' . $this->bbcode_specialchars($in) . '[/img:' . $this->bbcode_uid . ']'; } /** - * Parse flash bbcode + * Parse flash tag */ function bbcode_flash($width, $height, $in) { + global $config; + if (!$this->check_bbcode('flash', $in)) { return ''; } - global $config; + $in = trim($in); // Apply the same size checks on flash files as on images if ($config['max_' . 
$this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width']) @@ -293,7 +317,24 @@ class bbcode_firstpass extends bbcode } } - return '[flash=' . $width . ',' . $height . ':' . $this->bbcode_uid . ']' . $this->bbcode_specialchars(trim($in)) . '[/flash:' . $this->bbcode_uid . ']'; + // Is the user trying to link to a php file in this domain and script path? + if (strpos($in, ".{$phpEx}") !== false && strpos($in, substr($user->page['root_script_path'], 0, -1)) !== false) + { + $server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'); + + // Forcing server vars is the only way to specify/override the protocol + if ($config['force_server_vars'] || !$server_name) + { + $server_name = $config['server_name']; + } + + if (strpos($in, $server_name) !== false) + { + return '[flash=' . $width . ',' . $height . ']' . $in . '[/flash]'; + } + } + + return '[flash=' . $width . ',' . $height . ':' . $this->bbcode_uid . ']' . $this->bbcode_specialchars($in) . '[/flash:' . $this->bbcode_uid . ']'; } /** @@ -310,7 +351,7 @@ class bbcode_firstpass extends bbcode } /** - * Parse code bbcode + * Parse code tag * Expects the argument to start right after the opening [code] tag and to end with [/code] */ function bbcode_code($stx, $in) @@ -320,8 +361,6 @@ class bbcode_firstpass extends bbcode return ''; } - // $in = trim($in); - // We remove the hardcoded elements from the code block here because it is not used in code blocks // Having it here saves us one preg_replace per message containing [code] blocks // Additionally, magic url parsing should go after parsing bbcodes, but for safety those are stripped out too... 
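Review bot: The same-board check added to `bbcode_img()` uses case-sensitive `strpos()` substring matches for `.{$phpEx}`, the script path and `$server_name` anywhere in the URL, so it only recognises links spelled exactly like the configured host and is a partial filter at best; scripts that change state still need their own request validation. Comparing parsed components would be tighter, e.g. `$url = parse_url($in);` followed by `strtolower($url['host']) == strtolower($server_name)`. The matched branch returns `'[img]' . $in . '[/img]'` without `bbcode_specialchars()`, unlike the normal return; presumably that leaves the tag unparsed on purpose, but a comment should say so and confirm the raw text is escaped before display. The check added to `bbcode_flash()` in the next hunk has the same two properties. Separately, `@getimagesize($in)` makes the server fetch a poster-supplied URL and, with the warning suppressed, `$stats` can be `false` when the two size comparisons run, so `if ($stats === false)` should be handled explicitly.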
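Review bot: The check added to `bbcode_flash()` reads `$phpEx` and `$user->page['root_script_path']`, but the only declaration visible for this function is `global $config;`, moved to the top in the previous hunk. Unless the unshown lines between the two hunks declare them, both names are undefined inside the function and the new filter cannot match, so same-board `.php` links in `[flash]` pass through as before. `bbcode_img()` received `global $user, $config, $phpEx;` for the identical code; `bbcode_flash()` needs the same line.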
@@ -367,11 +406,11 @@ class bbcode_firstpass extends bbcode switch (strtolower($stx)) { case 'php': + $code = trim($code); + $remove_tags = false; - $str_from = array('<', '>'); - $str_to = array('<', '>'); + $code = str_replace(array('<', '>'), array('<', '>'), $code); - $code = str_replace($str_from, $str_to, $code); if (!preg_match('/^\<\?.*?\?\>/is', $code)) { $remove_tags = true; @@ -386,7 +425,6 @@ class bbcode_firstpass extends bbcode // Because highlight_string is specialcharing the text (but we already did this before), we have to reverse this in order to get correct results $code = html_entity_decode($code); - $code = highlight_string($code, true); $str_from = array('<span style="color: ', '<font color="syntax', '</font>', '<code>', '</code>','[', ']', '.', ':'); @@ -415,9 +453,6 @@ class bbcode_firstpass extends bbcode break; default: - $str_from = array('<', '>', '[', ']', '.', ':'); - $str_to = array('<', '>', '[', ']', '.', ':'); - $out .= '[code:' . $this->bbcode_uid . ']' . $this->bbcode_specialchars($code) . '[/code:' . $this->bbcode_uid . ']'; break; } @@ -810,7 +845,7 @@ class parse_message extends bbcode_firstpass } /** - * Parse Message : public + * Parse Message */ function parse($allow_bbcode, $allow_magic_url, $allow_smilies, $allow_img_bbcode = true, $allow_flash_bbcode = true, $allow_quote_bbcode = true, $update_this_message = true, $mode = 'post') { @@ -909,7 +944,9 @@ class parse_message extends bbcode_firstpass return false; } - // Formatting text for display + /** + * Formatting text for display + */ function format_display($allow_bbcode, $allow_magic_url, $allow_smilies, $update_this_message = true) { // If false, then the parsed message get returned but internal message not processed. 
@@ -948,9 +985,11 @@ class parse_message extends bbcode_firstpass $this->message_status = 'display'; return false; - } - - // Decode message to be placed back into form box + } + + /** + * Decode message to be placed back into form box + */ function decode_message($custom_bbcode_uid = '', $update_this_message = true) { // If false, then the parsed message get returned but internal message not processed. @@ -972,27 +1011,32 @@ class parse_message extends bbcode_firstpass $this->message_status = 'plain'; return false; } - - // Replace magic urls of form http://xxx.xxx., www.xxx. and xxx@xxx.xxx. - // Cuts down displayed size of link if over 50 chars, turns absolute links - // into relative versions when the server/script path matches the link + + /** + * Replace magic urls of form http://xxx.xxx., www.xxx. and xxx@xxx.xxx. + * Cuts down displayed size of link if over 50 chars, turns absolute links + * into relative versions when the server/script path matches the link + */ function magic_url($server_url) { // We use the global make_clickable function $this->message = make_clickable($this->message, $server_url); } - // Parse Smilies + /** + * Parse Smilies + */ function smilies($max_smilies = 0) { global $db, $user, $phpbb_root_path; static $match; static $replace; - // NOTE: There is a memory leak in this block somewhere :\ // See if the static arrays have already been filled on an earlier invocation if (!is_array($match)) { + $match = $replace = array(); + // NOTE: obtain_* function? chaching the table contents? // For now setting the ttl to 10 minutes 
@@ -1020,21 +1064,11 @@ class parse_message extends bbcode_firstpass } $result = $db->sql_query($sql, 600); - if ($row = $db->sql_fetchrow($result)) - { - $match = $replace = array(); - - do - { - // (assertion) - $match[] = '#(?<=^|[\n ]|\.)' . preg_quote($row['code'], '#') . '#'; - $replace[] = '<!-- s' . $row['code'] . ' --><img src="{SMILIES_PATH}/' . $row['smiley_url'] . '" border="0" alt="' . $row['emotion'] . '" title="' . $row['emotion'] . '" /><!-- s' . $row['code'] . ' -->'; - } - while ($row = $db->sql_fetchrow($result)); - } - else + while ($row = $db->sql_fetchrow($result)) { - $match = $replace = array(); + // (assertion) + $match[] = '#(?<=^|[\n ]|\.)' . preg_quote($row['code'], '#') . '#'; + $replace[] = '<!-- s' . $row['code'] . ' --><img src="{SMILIES_PATH}/' . $row['smiley_url'] . '" border="0" alt="' . $row['emotion'] . '" title="' . $row['emotion'] . '" /><!-- s' . $row['code'] . ' -->'; } $db->sql_freeresult($result); } @@ -1056,7 +1090,9 @@ class parse_message extends bbcode_firstpass } } - // Parse Attachments + /** + * Parse Attachments + */ function parse_attachments($form_name, $mode, $forum_id, $submit, $preview, $refresh, $is_message = false) { global $config, $auth, $user, $phpbb_root_path, $phpEx; @@ -1098,7 +1134,7 @@ class parse_message extends bbcode_firstpass $this->attachment_data = array_merge(array(0 => $new_entry), $this->attachment_data); $this->message = preg_replace('#\[attachment=([0-9]+)\](.*?)\[\/attachment\]#e', "'[attachment='.(\\1 + 1).']\\2[/attachment]'", $this->message); - + $this->filename_data['filecomment'] = ''; // This Variable is set to false here, because Attachments are entered into the 
@@ -1141,7 +1177,7 @@ class parse_message extends bbcode_firstpass { delete_attachments('attach', array(intval($this->attachment_data[$index]['attach_id']))); } - + unset($this->attachment_data[$index]); $this->message = preg_replace('#\[attachment=([0-9]+)\](.*?)\[\/attachment\]#e', "(\\1 == \$index) ? '' : ((\\1 > \$index) ? '[attachment=' . (\\1 - 1) . ']\\2[/attachment]' : '\\0')", $this->message); @@ -1158,7 +1194,7 @@ class parse_message extends bbcode_firstpass $edit_comment = key($edit_comment); $this->attachment_data[$edit_comment]['comment'] = $actual_comment_list[$edit_comment]; } - + if (($add_file || $preview) && $upload_file) { if ($num_attachments < $cfg['max_attachments'] || $auth->acl_gets('m_', 'a_')) @@ -1301,8 +1337,10 @@ class parse_message extends bbcode_firstpass } } } - - // Parse Poll + + /** + * Parse Poll + */ function parse_poll(&$poll) { global $auth, $user, $config; @@ -1315,7 +1353,7 @@ class parse_message extends bbcode_firstpass $bbcode_bitfield = $this->bbcode_bitfield; $poll['poll_option_text'] = $this->parse($poll['enable_bbcode'], $poll['enable_urls'], $poll['enable_smilies'], $poll['img_status'], false, false, false); - + $this->bbcode_bitfield |= $bbcode_bitfield; $this->message = $tmp_message; @@ -1333,7 +1371,7 @@ class parse_message extends bbcode_firstpass $poll['poll_options'] = explode("\n", trim($poll['poll_option_text'])); $poll['poll_options_size'] = sizeof($poll['poll_options']); - + if (sizeof($poll['poll_options']) == 1) { $this->warn_msg[] = $user->lang['TOO_FEW_POLL_OPTIONS']; diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index f35279fda0..3737c21079 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
@@ -14,18 +14,21 @@ */ class session { - var $session_id = ''; var $cookie_data = array(); + var $page = array(); + var $data = array(); var $browser = ''; var $host = ''; + var $session_id = ''; var $ip = ''; - var $page = array(); - var $current_page_filename = ''; - var $load; + var $load = 0; var $time_now = 0; + var $update_session_page = true; /** * Extract current session page + * + * @param string $root_path current root path (phpbb_root_path) */ function extract_current_page($root_path) { @@ -39,7 +42,7 @@ class session if (!$script_name) { $script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI'); - $page['failover'] = 1; + $page_array['failover'] = 1; } // Replace backslashes and doubled slashes (could happen on some proxy setups) 
@@ -122,22 +125,26 @@ class session * running on a system which makes such information readily available) and * halt if it's above an admin definable limit. * + * @param bool $update_session_page if true the session page gets updated. + * This can be set to circumvent certain scripts to update the users last visited page. + * * @todo Introduce further user types, bot, guest * @todo Change user_type (as above) to a bitfield? user_type & USER_FOUNDER for example */ - function session_begin() + function session_begin($update_session_page = true) { global $phpEx, $SID, $_SID, $db, $config, $phpbb_root_path; - $this->time_now = time(); - - $this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? $_SERVER['HTTP_USER_AGENT'] : ''; - $this->host = (!empty($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : 'localhost'; + // Give us some basic informations + $this->time_now = time(); + $this->cookie_data = array('u' => 0, 'k' => ''); + $this->update_session_page = $update_session_page; + $this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? (string) $_SERVER['HTTP_USER_AGENT'] : ''; + $this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) $_SERVER['HTTP_HOST'] : 'localhost'; + $this->page = $this->extract_current_page($phpbb_root_path); - $this->page = $this->extract_current_page($phpbb_root_path); $this->page['page'] .= (isset($_POST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . 'f=' . intval($_POST['f']) : ''; - $this->cookie_data = array('u' => 0, 'k' => ''); if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u'])) { // Switch to request_var ... can this cause issues, can a _GET/_POST param 
@@ -155,7 +162,7 @@ class session $this->session_id = $_SID = request_var('sid', ''); $SID = '?sid=' . $this->session_id; } - + // Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests // it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip. $this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars($_SERVER['REMOTE_ADDR']) : ''; @@ -190,7 +197,6 @@ class session WHERE s.session_id = '" . $db->sql_escape($this->session_id) . "' AND u.user_id = s.session_user_id"; $result = $db->sql_query($sql); - $this->data = $db->sql_fetchrow($result); $db->sql_freeresult($result); @@ -204,15 +210,15 @@ class session $s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $config['ip_check'])); $u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check'])); - $s_browser = ($config['browser_check']) ? substr($this->data['session_browser'], 0, 149) : ''; - $u_browser = ($config['browser_check']) ? substr($this->browser, 0, 149) : ''; + $s_browser = ($config['browser_check']) ? strtolower(substr($this->data['session_browser'], 0, 149)) : ''; + $u_browser = ($config['browser_check']) ? strtolower(substr($this->browser, 0, 149)) : ''; if ($u_ip === $s_ip && $s_browser === $u_browser) { $session_expired = false; // Check whether the session is still valid if we have one - $method = trim($config['auth_method']); + $method = basename(trim($config['auth_method'])); if (file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx)) { 
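Review bot: The `basename()` wrapped around `trim($config['auth_method'])` carries no comment saying that it guards the include path built on the next line, and the same unexplained change is repeated in the hunks at `-343,7` and `-535,7`. I would put `// auth_method ends up in an include path: strip any directory components` above each call so it is not later removed as redundant. `basename()` still admits any `auth_*.{$phpEx}` file present in that directory; if the set of auth plugins is known, checking the value against it would be stricter. The enclosing method starts and ends outside this hunk.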
@@ -248,10 +254,16 @@ class session if (!$session_expired) { // Only update session DB a minute or so after last update or if page changes - if ($this->time_now - $this->data['session_time'] > 60 || $this->data['session_page'] != $this->page['page']) + if ($this->time_now - $this->data['session_time'] > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page'])) { - $sql = 'UPDATE ' . SESSIONS_TABLE . " - SET session_time = $this->time_now, session_page = '" . $db->sql_escape(substr($this->page['page'], 0, 199)) . "' + $sql_ary = array('session_time' => $this->time_now); + + if ($this->update_session_page) + { + $sql_ary['session_page'] = substr($this->page['page'], 0, 199); + } + + $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " WHERE session_id = '" . $db->sql_escape($this->session_id) . "'"; $db->sql_query($sql); } @@ -289,14 +301,14 @@ class session global $SID, $_SID, $db, $config, $cache, $phpbb_root_path, $phpEx; $this->data = array(); - + /* Garbage collection ... remove old sessions updating user information // if necessary. It means (potentially) 11 queries but only infrequently if ($this->time_now > $config['session_last_gc'] + $config['session_gc']) { $this->session_gc(); }*/ - + // Do we allow autologin on this board? No? Then override anything // that may be requested here if (!$config['allow_autologin']) @@ -320,7 +332,7 @@ class session { $bot = $row['user_id']; } - + // If ip is supplied, we will make sure the ip is matching too... if ($row['bot_ip'] && ($bot || !$row['bot_agent'])) { @@ -343,7 +355,7 @@ class session } } - $method = trim($config['auth_method']); + $method = basename(trim($config['auth_method'])); if (file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx)) { 
@@ -373,7 +385,6 @@ class session AND k.user_id = u.user_id AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'"; $result = $db->sql_query($sql); - $this->data = $db->sql_fetchrow($result); $db->sql_freeresult($result); } @@ -387,11 +398,10 @@ class session WHERE user_id = ' . (int) $this->cookie_data['u'] . ' AND user_type <> ' . USER_INACTIVE; $result = $db->sql_query($sql); - $this->data = $db->sql_fetchrow($result); $db->sql_freeresult($result); } - + // If no data was returned one or more of the following occured: // Key didn't match one in the DB // User does not exist @@ -406,7 +416,6 @@ class session FROM ' . USERS_TABLE . ' WHERE user_id = ' . (int) $this->cookie_data['u']; $result = $db->sql_query($sql); - $this->data = $db->sql_fetchrow($result); $db->sql_freeresult($result); } @@ -430,7 +439,7 @@ class session { $this->check_ban(); } - + // // Do away with ultimately? $this->data['is_registered'] = (!$bot && $this->data['user_id'] != ANONYMOUS) ? true : false; @@ -448,13 +457,17 @@ class session 'session_last_visit' => (int) $this->data['session_last_visit'], 'session_time' => (int) $this->time_now, 'session_browser' => (string) $this->browser, - 'session_page' => (string) substr($this->page['page'], 0, 199), 'session_ip' => (string) $this->ip, 'session_autologin' => ($session_autologin) ? 1 : 0, 'session_admin' => ($set_admin) ? 1 : 0, 'session_viewonline' => ($viewonline) ? 1 : 0, ); + if ($this->update_session_page) + { + $sql_ary['session_page'] = (string) substr($this->page['page'], 0, 199); + } + $db->sql_return_on_error(true); $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " 
@@ -465,25 +478,26 @@ class session // Limit new sessions in 1 minute period (if required) if ((!isset($this->data['session_time']) || !$this->data['session_time']) && $config['active_sessions']) { - $sql = 'SELECT COUNT(*) AS sessions + $sql = 'SELECT COUNT(session_id) AS sessions FROM ' . SESSIONS_TABLE . ' WHERE session_time >= ' . ($this->time_now - 60); $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); - + if ((int) $row['sessions'] > (int) $config['active_sessions']) { trigger_error('BOARD_UNAVAILABLE'); } } - + $this->session_id = $this->data['session_id'] = md5(unique_id()); $sql_ary['session_id'] = (string) $this->session_id; + $sql_ary['session_page'] = (string) substr($this->page['page'], 0, 199); - $db->sql_query('INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary)); + $sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); + $db->sql_query($sql); } $db->sql_return_on_error(false); @@ -492,13 +506,14 @@ class session { $this->set_login_key(); } - + $SID = '?sid='; $_SID = ''; + if (!$bot) { $cookie_expire = $this->time_now + (($config['max_autologin_time']) ? 86400 * (int) $config['max_autologin_time'] : 31536000); - + $this->set_cookie('u', $this->cookie_data['u'], $cookie_expire); $this->set_cookie('k', $this->cookie_data['k'], $cookie_expire); $this->set_cookie('sid', $this->session_id, $cookie_expire); @@ -506,17 +521,12 @@ class session $SID = '?sid=' . $this->session_id; $_SID = $this->session_id; - if ($this->data['user_id'] != ANONYMOUS) - { -// global $evt; -// $evt->trigger(EVT_NEW_SESSION, $this->data); - } unset($cookie_expire); } - + return true; } - + /** * Kills a session * 
@@ -535,7 +545,7 @@ class session $db->sql_query($sql); // Allow connecting logout with external auth method logout - $method = trim($config['auth_method']); + $method = basename(trim($config['auth_method'])); if (file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx)) { @@ -555,7 +565,7 @@ class session { $this->data['session_time'] = time(); } - + $sql = 'UPDATE ' . USERS_TABLE . ' SET user_lastvisit = ' . (int) $this->data['session_time'] . ' WHERE user_id = ' . (int) $this->data['user_id']; @@ -568,26 +578,24 @@ class session AND key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'"; $db->sql_query($sql); } - + // Reset the data array - $this->data = array(); - + $this->data = array(); + $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . ANONYMOUS; $result = $db->sql_query($sql); - $this->data = $db->sql_fetchrow($result); $db->sql_freeresult($result); - } - + $cookie_expire = $this->time_now - 31536000; $this->set_cookie('u', '', $cookie_expire); $this->set_cookie('k', '', $cookie_expire); $this->set_cookie('sid', '', $cookie_expire); unset($cookie_expire); - + $SID = '?sid='; $this->session_id = $_SID = ''; @@ -603,8 +611,6 @@ class session * data before those sessions are destroyed. In addition this method * removes autologin key information that is older than an admin defined * limit. - * - * @todo add to cron */ function session_gc() { @@ -614,7 +620,7 @@ class session { $this->time_now = time(); } - + switch (SQL_LAYER) { case 'mysql4': @@ -652,7 +658,7 @@ class session $db->sql_query($sql); set_config('session_last_gc', $this->time_now); - break; + break; default: @@ -682,6 +688,7 @@ class session } while ($row = $db->sql_fetchrow($result)); } + $db->sql_freeresult($result); if ($del_user_id) { @@ -698,7 +705,7 @@ class session // called again to delete other sessions set_config('session_last_gc', $this->time_now, true); } - break; + break; } if ($config['max_autologin_time']) 
@@ -747,11 +754,11 @@ class session function check_ban($user_id = false, $user_ip = false, $user_email = false, $return = false) { global $config, $db; - + $user_id = ($user_id === false) ? $this->data['user_id'] : $user_id; $user_ip = ($user_ip === false) ? $this->ip : $user_ip; $user_email = ($user_email === false) ? $this->data['user_email'] : $user_email; - + $banned = false; $sql = 'SELECT ban_ip, ban_userid, ban_email, ban_exclude, ban_give_reason, ban_end @@ -791,6 +798,7 @@ class session { $this->session_kill(); } + // Determine which message to output $till_date = ($ban_row['ban_end']) ? $this->format_date($ban_row['ban_end']) : ''; $message = ($ban_row['ban_end']) ? 'BOARD_BAN_TIME' : 'BOARD_BAN_PERM'; @@ -799,15 +807,10 @@ class session $message .= ($ban_row['ban_give_reason']) ? '<br /><br />' . sprintf($this->lang['BOARD_BAN_REASON'], $ban_row['ban_give_reason']) : ''; trigger_error($message); } - - if ($banned) - { - return true; - } - return false; + return ($banned) ? true : false; } - + /** * Set/Update a persistent login key * 
@@ -816,20 +819,18 @@ class session * DB. When they revisit with the same key it's automatically updated in both the * DB and cookie. Multiple keys may exist for each user representing different * browsers or locations. As with _any_ non-secure-socket no passphrase login this - * remains vulnerable to exploit. However, by rotating the keys and seperating them - * from the password hash it's more secure than 2.0.x. Don't be surprised to see - * this backported! + * remains vulnerable to exploit. */ function set_login_key($user_id = false, $key = false, $user_ip = false) { global $config, $db; - + $user_id = ($user_id === false) ? $this->data['user_id'] : $user_id; $user_ip = ($user_ip === false) ? $this->ip : $user_ip; $key = ($key === false) ? (($this->cookie_data['k']) ? $this->cookie_data['k'] : false) : $key; - + $key_id = unique_id(hexdec(substr($this->session_id, 0, 8))); - + $sql_ary = array( 'key_id' => (string) md5($key_id), 'last_ip' => (string) $this->ip, @@ -842,13 +843,22 @@ class session 'user_id' => (int) $user_id ); } - - $sql = ($key) ? 'UPDATE ' . SESSIONS_KEYS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . (int) $user_id . " AND key_id = '" . $db->sql_escape(md5($key)) . "'" : 'INSERT INTO ' . SESSIONS_KEYS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); + + if ($key) + { + $sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . ' + SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' + WHERE user_id = ' . (int) $user_id . " + AND key_id = '" . $db->sql_escape(md5($key)) . "'"; + } + else + { + $sql = 'INSERT INTO ' . SESSIONS_KEYS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); + } $db->sql_query($sql); - + $this->cookie_data['k'] = $key_id; - unset($sql_ary, $key_id); - + return false; } 
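Review bot: In set_login_key the `$user_ip` argument is resolved (`$user_ip = ($user_ip === false) ? $this->ip : $user_ip;`) but the visible `$sql_ary` stores `'last_ip' => (string) $this->ip`, so a caller-supplied address is ignored and the key row always records the current requester's IP. If the parameter is meant to be honoured, the line should read `'last_ip' => (string) $user_ip,`; if not, the parameter deserves a docblock line saying it is unused. The lines between the two hunks are not shown, so `$user_ip` may be used there. The shortened docblock also drops the explanation that keys are rotated and kept separate from the password hash, which is worth keeping in one sentence, since it is the reason the stored value is `md5($key_id)` rather than the cookie value.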
@@ -864,13 +874,14 @@ class session $user_id = ($user_id === false) ? $this->data['user_id'] : $user_id; - $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' WHERE user_id = ' . (int) $user_id; + $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' + WHERE user_id = ' . (int) $user_id; $db->sql_query($sql); // Let's also clear any current sessions for the specified user_id // If it's the current user then we'll leave this session intact $sql_where = 'session_user_id = ' . (int) $user_id; - $sql_where .= ($user_id === $this->data['user_id']) ? " AND session_id <> '" . $this->session_id . "'" : ''; + $sql_where .= ($user_id === $this->data['user_id']) ? " AND session_id <> '" . $db->sql_escape($this->session_id) . "'" : ''; $sql = 'DELETE FROM ' . SESSIONS_TABLE . " WHERE $sql_where"; @@ -910,6 +921,9 @@ class user extends session var $keyoptions = array('viewimg' => 0, 'viewflash' => 1, 'viewsmilies' => 2, 'viewsigs' => 3, 'viewavatars' => 4, 'viewcensors' => 5, 'attachsig' => 6, 'bbcode' => 8, 'smilies' => 9, 'popuppm' => 10); var $keyvalues = array(); + /** + * Setup basic user-specific items (style, language, ...) + */ function setup($lang_set = false, $style = false) { global $db, $template, $config, $auth, $phpEx, $phpbb_root_path, $cache; @@ -931,6 +945,8 @@ class user extends session $this->timezone = $config['board_timezone'] * 3600; $this->dst = $config['board_dst'] * 3600; +/* Browser-specific language setting removed - might re-appear later + if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { $accept_lang_ary = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']); @@ -957,6 +973,7 @@ class user extends session } } } +*/ } // We include common language file here to not load it every time a custom language file is included @@ -966,7 +983,6 @@ class user extends session die("Language file " . $this->lang_path . "common.$phpEx" . " couldn't be opened."); } - $this->add_lang($lang_set); unset($lang_set); 
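Review bot: The changed `$sql_where` line in reset_login_keys compares with `$user_id === $this->data['user_id']`, which is type-strict. If a caller passes an integer while `$this->data['user_id']` holds the string returned by the database layer (not visible here), the comparison is false and the `session_id <> ...` exclusion is skipped, so the current session is deleted too, contrary to the comment above it. Comparing normalised values avoids that: `((int) $user_id === (int) $this->data['user_id'])`. The added `$db->sql_escape()` around the session id is a sound defence-in-depth change.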
@@ -992,6 +1008,7 @@ class user extends session AND i.imageset_id = s.imageset_id"; $result = $db->sql_query($sql, 3600); $this->theme = $db->sql_fetchrow($result); + $db->sql_freeresult($result); // User has wrong style if (!$this->theme && $style == $this->data['user_style']) @@ -1041,6 +1058,9 @@ class user extends session } } + // If the style author specified the theme needs to be cached + // (because of the used paths and variables) than make sure it is the case. + // For example, if the theme uses language-specific images it needs to be stored in db. if (!$this->theme['theme_storedb'] && $this->theme['parse_css_file']) { $this->theme['theme_storedb'] = 1; @@ -1051,8 +1071,10 @@ class user extends session 'theme_storedb' => 1 ); - $db->sql_query('UPDATE ' . STYLES_THEME_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' - WHERE theme_id = ' . $this->theme['theme_id']); + $sql = 'UPDATE ' . STYLES_THEME_TABLE . ' + SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' + WHERE theme_id = ' . $this->theme['theme_id']; + $db->sql_query($sql); unset($sql_ary); } @@ -1078,8 +1100,7 @@ class user extends session } // Does the user need to change their password? If so, redirect to the - // ucp profile reg_details page ... of course do not redirect if we're - // already in the ucp + // ucp profile reg_details page ... of course do not redirect if we're already in the ucp if (!defined('IN_ADMIN') && $config['chg_passforce'] && $this->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400)) { if (strpos($this->page['query_string'], 'mode=reg_details') !== false && $this->page['page_name'] == "ucp.$phpEx") 
@@ -1091,13 +1112,22 @@ class user extends session return; } - // Add Language Items - use_db and use_help are assigned where needed (only use them to force inclusion) - // - // $lang_set = array('posting', 'help' => 'faq'); - // $lang_set = array('posting', 'viewtopic', 'help' => array('bbcode', 'faq')) - // $lang_set = array(array('posting', 'viewtopic'), 'help' => array('bbcode', 'faq')) - // $lang_set = 'posting' - // $lang_set = array('help' => 'faq', 'db' => array('help:faq', 'posting')) + /** + * Add Language Items - use_db and use_help are assigned where needed (only use them to force inclusion) + * + * @param mixed $lang_set specifies the language entries to include + * @param bool $use_db internal variable for recursion, do not use + * @param bool $use_help internal variable for recursion, do not use + * + * Examples: + * <code> + * $lang_set = array('posting', 'help' => 'faq'); + * $lang_set = array('posting', 'viewtopic', 'help' => array('bbcode', 'faq')) + * $lang_set = array(array('posting', 'viewtopic'), 'help' => array('bbcode', 'faq')) + * $lang_set = 'posting' + * $lang_set = array('help' => 'faq', 'db' => array('help:faq', 'posting')) + * </code> + */ function add_lang($lang_set, $use_db = false, $use_help = false) { global $phpEx; @@ -1135,6 +1165,10 @@ class user extends session } } + /** + * Set language entry (called by add_lang) + * @private + */ function set_lang(&$lang, &$help, $lang_file, $use_db = false, $use_help = false) { global $phpEx; @@ -1154,7 +1188,7 @@ class user extends session { if ((include($this->lang_path . (($use_help) ? 'help_' : '') . "$lang_file.$phpEx")) === false) { - trigger_error("Language file {$this->lang_path}" . (($use_help) ? 'help_' : '') . "$lang_file.$phpEx couldn't be opened."); + trigger_error("Language file {$this->lang_path}" . (($use_help) ? 'help_' : '') . "$lang_file.$phpEx couldn't be opened.", E_USER_ERROR); } } else if ($use_db) 
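Review bot: In the set_lang hunk (`@@ -1154,7`), `$lang_file` is interpolated straight into the `include()` path, and neither the new docblock on add_lang nor the one on set_lang says where that name may come from. This commit normalises `auth_method` before a similar include, so the same care is worth stating here: add a line such as `* @param string $lang_file language file name relative to lang_path; must be a literal, never request data`, and consider rejecting names containing `..` before the include. Whether any caller passes user-controlled values is not visible in this hunk. The function body starts and ends outside the hunk.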
@@ -1165,6 +1199,9 @@ class user extends session } } + /** + * Format user date + */ function format_date($gmepoch, $format = false, $forcedate = false) { static $lang_dates, $midnight; @@ -1204,6 +1241,9 @@ class user extends session return strtr(@gmdate(str_replace('|', '', $format), $gmepoch + $this->timezone + $this->dst), $lang_dates); } + /** + * Get language id currently used by the user + */ function get_iso_lang_id() { global $config, $db; @@ -1228,7 +1268,9 @@ class user extends session return $lang_id; } - // Get profile fields for user + /** + * Get users profile fields + */ function get_profile_fields($user_id) { global $db; @@ -1238,14 +1280,17 @@ class user extends session return; } - $sql = 'SELECT * FROM ' . PROFILE_FIELDS_DATA_TABLE . " + $sql = 'SELECT * + FROM ' . PROFILE_FIELDS_DATA_TABLE . " WHERE user_id = $user_id"; $result = $db->sql_query_limit($sql, 1); - $this->profile_fields = (!($row = $db->sql_fetchrow($result))) ? array() : $row; $db->sql_freeresult($result); } + /** + * Specify/Get image + */ function img($img, $alt = '', $width = false, $suffix = '', $type = 'full_tag') { static $imgs; @@ -1289,7 +1334,7 @@ class user extends session } $alt = (!empty($this->lang[$alt])) ? $this->lang[$alt] : $alt; - + switch ($type) { case 'src': @@ -1310,7 +1355,9 @@ class user extends session } } - // Start code for checking/setting option bit field for user table + /** + * Get option bit field from user options + */ function optionget($key, $data = false) { if (!isset($this->keyvalues[$key])) @@ -1318,9 +1365,13 @@ class user extends session $var = ($data) ? $data : $this->data['user_options']; $this->keyvalues[$key] = ($var & 1 << $this->keyoptions[$key]) ? true : false; } + return $this->keyvalues[$key]; } + /** + * Set option bit field for user options + */ function optionset($key, $value, $data = false) { $var = ($data) ? $data : $this->data['user_options']; 
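Review bot: In the get_profile_fields hunk (`@@ -1238,14`), the reformatted query still ends in `WHERE user_id = $user_id` with the parameter interpolated as-is, while the other queries touched in this file cast ids with `(int)`. Casting at the point of use keeps the query safe regardless of what a caller passes: `WHERE user_id = ' . (int) $user_id;`. Callers may already pass integers, but that is not visible from here; the function signature sits in the preceding hunk.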
diff --git a/phpBB/includes/template.php b/phpBB/includes/template.php index f5feb11a68..5e7db9acda 100644 --- a/phpBB/includes/template.php +++ b/phpBB/includes/template.php @@ -17,12 +17,10 @@ if (!defined('IN_PHPBB')) /** * @package phpBB3 -* * Base Template class. */ class template { - /** variable that holds all the data we'll be substituting into * the compiled templates. Takes form: * --> $this->_tpldata[block.][iteration#][child.][iteration#][child2.][iteration#][variablename] == value @@ -66,7 +64,7 @@ class template $this->root = $template_path; $this->cachepath = $phpbb_root_path . 'cache/ctpl_' . $template_name . '_'; - + return true; } @@ -156,7 +154,7 @@ class template } /** - * Display the handle and assign the output to a template variable or return the content. + * Display the handle and assign the output to a template variable or return the compiled result. * @public */ function assign_display($handle, $template_var = '', $return_content = true, $include_once = false) @@ -171,7 +169,7 @@ class template } $this->assign_var($template_var, $contents); - + return true; } 
@@ -225,44 +223,41 @@ class template OR template_included LIKE '%" . $db->sql_escape($this->filename[$handle]) . ":%')"; $result = $db->sql_query($sql); - if ($row = $db->sql_fetchrow($result)) + while ($row = $db->sql_fetchrow($result)) { - do + if ($row['template_mtime'] < filemtime($phpbb_root_path . 'styles/' . $user->theme['template_path'] . '/template/' . $row['template_filename'])) { - if ($row['template_mtime'] < filemtime($phpbb_root_path . 'styles/' . $user->theme['template_path'] . '/template/' . $row['template_filename'])) - { - if ($row['template_filename'] == $this->filename[$handle]) - { - $compile->_tpl_load_file($handle); - } - else - { - $this->files[$row['template_filename']] = $this->root . '/' . $row['template_filename']; - $compile->_tpl_load_file($row['template_filename']); - unset($this->compiled_code[$row['template_filename']]); - unset($this->files[$row['template_filename']]); - } - } - if ($row['template_filename'] == $this->filename[$handle]) { - $this->compiled_code[$handle] = $compile->compile(trim($row['template_data'])); - $compile->compile_write($handle, $this->compiled_code[$handle]); + $compile->_tpl_load_file($handle); } else { - // Only bother compiling if it doesn't already exist - if (!file_exists($this->cachepath . str_replace('/', '.', $row['template_filename']) . '.' . $phpEx)) - { - $this->filename[$row['template_filename']] = $row['template_filename']; - $compile->compile_write($row['template_filename'], $compile->compile(trim($row['template_data']))); - unset($this->filename[$row['template_filename']]); - } + $this->files[$row['template_filename']] = $this->root . '/' . 
$row['template_filename']; + $compile->_tpl_load_file($row['template_filename']); + unset($this->compiled_code[$row['template_filename']]); + unset($this->files[$row['template_filename']]); + } + } + + if ($row['template_filename'] == $this->filename[$handle]) + { + $this->compiled_code[$handle] = $compile->compile(trim($row['template_data'])); + $compile->compile_write($handle, $this->compiled_code[$handle]); + } + else + { + // Only bother compiling if it doesn't already exist + if (!file_exists($this->cachepath . str_replace('/', '.', $row['template_filename']) . '.' . $phpEx)) + { + $this->filename[$row['template_filename']] = $row['template_filename']; + $compile->compile_write($row['template_filename'], $compile->compile(trim($row['template_data']))); + unset($this->filename[$row['template_filename']]); } } - while ($row = $db->sql_fetchrow($result)); } $db->sql_freeresult($result); + return false; } @@ -316,7 +311,7 @@ class template $s_row_count = isset($str[$blocks[$blockcount]]) ? sizeof($str[$blocks[$blockcount]]) : 0; $vararray['S_ROW_COUNT'] = $s_row_count; - + // Assign S_FIRST_ROW if (!$s_row_count) { @@ -355,8 +350,7 @@ class template unset($this->_tpldata[$blockname][($s_row_count - 1)]['S_LAST_ROW']); } - // Add a new iteration to this block with the variable assignments - // we were given. + // Add a new iteration to this block with the variable assignments we were given. $this->_tpldata[$blockname][] = $vararray; } @@ -368,7 +362,6 @@ class template * * Some Examples: * <code> - * * alter_block_array('loop', $vararray); // Insert vararray at the beginning * alter_block_array('loop', $vararray, 2); // Insert vararray at position 2 * alter_block_array('loop', $vararray, array('KEY' => 'value')); // Insert vararray at the position where the key 'KEY' has the value of 'value' 
@@ -379,7 +372,6 @@ class template * alter_block_array('loop', $vararray, array('KEY' => 'value'), 'change'); // Change/Merge vararray with existing array at the position where the key 'KEY' has the value of 'value' * alter_block_array('loop', $vararray, false, 'change'); // Change/Merge vararray with existing array at first position * alter_block_array('loop', $vararray, true, 'change'); // Change/Merge vararray with existing array at last position - * * </code> * * @param string $blockname the blockname, for example 'loop' @@ -391,18 +383,17 @@ class template * int: Position [the position to change or insert at directly given] * * If key is false the position is set to 0 - * * If key is true the position is set to the last entry * * @param insert|change $mode Mode to execute * * If insert, the vararray is inserted at the given position (position counting from zero). - * * If change, the current block gets merged with the vararray (resulting in new key/value pairs be added and existing keys be replaced by the new value). * * Since counting begins by zero, inserting at the last position will result in this array: array(vararray, last positioned array) * and inserting at position 1 will result in this array: array(first positioned array, vararray, following vars) * + * @return false on error, true on success * @public */ function alter_block_array($blockname, $vararray, $key = false, $mode = 'insert') @@ -441,7 +432,7 @@ class template return false; } } - + // Insert Block if ($mode == 'insert') { @@ -468,10 +459,10 @@ class template // Insert vararray at given position $vararray['S_ROW_COUNT'] = $key; $this->_tpldata[$blockname][$key] = $vararray; - + return true; } - + // Which block to change? if ($mode == 'change') { diff --git a/phpBB/includes/ucp/ucp_activate.php b/phpBB/includes/ucp/ucp_activate.php index f9f39f4663..87e6cb8169 100644 --- a/phpBB/includes/ucp/ucp_activate.php +++ b/phpBB/includes/ucp/ucp_activate.php 
@@ -15,9 +15,12 @@ */ class ucp_activate { + var $u_action; + function main($id, $mode) { - global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx; + global $config, $phpbb_root_path, $phpEx; + global $db, $user, $auth, $template; $user_id = request_var('u', 0); $key = request_var('k', ''); 
@@ -26,60 +29,64 @@ class ucp_activate FROM ' . USERS_TABLE . " WHERE user_id = $user_id"; $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); + $user_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); - if (!$row) + if (!$user_row) { - trigger_error($user->lang['NO_USER']); + trigger_error('NO_USER'); } - if ($row['user_type'] <> USER_INACTIVE && !$row['user_newpasswd']) + if ($user_row['user_type'] <> USER_INACTIVE && !$user_row['user_newpasswd']) { meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx")); - trigger_error($user->lang['ALREADY_ACTIVATED']); + trigger_error('ALREADY_ACTIVATED'); } - - if ($row['user_actkey'] != $key) + + if ($user_row['user_actkey'] != $key) { - trigger_error($user->lang['WRONG_ACTIVATION']); + trigger_error('WRONG_ACTIVATION'); } - $update_password = ($row['user_newpasswd']) ? true : false; + $update_password = ($user_row['user_newpasswd']) ? true : false; if ($update_password) { $sql_ary = array( 'user_type' => USER_NORMAL, 'user_actkey' => '', - 'user_password' => $row['user_newpasswd'], + 'user_password' => $user_row['user_newpasswd'], 'user_newpasswd' => '' ); - - $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' - WHERE user_id = ' . $row['user_id']; - $result = $db->sql_query($sql); + + $sql = 'UPDATE ' . USERS_TABLE . ' + SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' + WHERE user_id = ' . $user_row['user_id']; + $db->sql_query($sql); } - // TODO: check for group membership after password update... active_flip there too if (!$update_password) { + include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx); + // Now we need to demote the user from the inactive group and add him to the registered group + user_active_flip($user_row['user_id'], $user_row['user_type'], '', $user_row['username'], true); - include_once($phpbb_root_path . 'includes/functions_user.' . 
$phpEx); - user_active_flip($row['user_id'], $row['user_type'], '', $row['username'], true); + // Update last username + update_last_username(); + set_config('num_users', $config['num_users'] + 1, true); } if ($config['require_activation'] == USER_ACTIVATION_ADMIN && !$update_password) { - include_once($phpbb_root_path . 'includes/functions_messenger.'.$phpEx); + include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); - $messenger = new messenger(); + $messenger = new messenger(false); - $messenger->template('admin_welcome_activated', $row['user_lang']); + $messenger->template('admin_welcome_activated', $user_row['user_lang']); $messenger->replyto($config['board_contact']); - $messenger->to($row['user_email'], $row['username']); + $messenger->to($user_row['user_email'], $user_row['username']); $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); @@ -88,13 +95,12 @@ class ucp_activate $messenger->assign_vars(array( 'SITENAME' => $config['sitename'], - 'USERNAME' => html_entity_decode($row['username']), + 'USERNAME' => html_entity_decode($user_row['username']), 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $config['board_email_sig'])) ); - $messenger->send($row['user_notify_type']); - $messenger->save_queue(); + $messenger->send($user_row['user_notify_type']); $message = 'ACCOUNT_ACTIVE_ADMIN'; } 
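Review bot: The activation check `if ($user_row['user_actkey'] != $key)` in the ucp_activate hunk uses a loose comparison and does not reject an empty stored key. With `!=`, two numeric-looking strings are compared as numbers, and if an inactive account can ever have an empty `user_actkey` (not visible here), a request without `k` would pass because `request_var('k', '')` defaults to the empty string. A stricter guard is `if (!$user_row['user_actkey'] || $user_row['user_actkey'] !== $key)`. The rename from `$row` to `$user_row` does not affect this.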
@@ -103,26 +109,6 @@ class ucp_activate $message = (!$update_password) ? 'ACCOUNT_ACTIVE' : 'PASSWORD_ACTIVATED'; } - if (!$update_password) - { - // Get latest username - $sql = 'SELECT user_id, username - FROM ' . USERS_TABLE . ' - WHERE user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ') - ORDER BY user_id DESC'; - $result = $db->sql_query_limit($sql, 1); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if ($row) - { - set_config('newest_user_id', $row['user_id'], true); - set_config('newest_username', $row['username'], true); - } - - set_config('num_users', $config['num_users'] + 1, true); - } - meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx")); trigger_error($user->lang[$message]); } diff --git a/phpBB/includes/ucp/ucp_attachments.php b/phpBB/includes/ucp/ucp_attachments.php index b699643f37..8582a92478 100644 --- a/phpBB/includes/ucp/ucp_attachments.php +++ b/phpBB/includes/ucp/ucp_attachments.php @@ -28,10 +28,12 @@ class ucp_attachments $delete = (isset($_POST['delete'])) ? true : false; $confirm = (isset($_POST['confirm'])) ? true : false; $delete_ids = isset($_REQUEST['attachment']) ? array_keys(array_map('intval', $_REQUEST['attachment'])) : array(); - + if ($delete && sizeof($delete_ids)) { - $s_hidden_fields = array('delete' => 1); + $s_hidden_fields = array( + 'delete' => 1 + ); foreach ($delete_ids as $attachment_id) { 
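Review bot: In the ucp_attachments hunk (`@@ -28,10`), `$delete_ids` is built with `array_keys(array_map('intval', $_REQUEST['attachment']))`, which casts the values and then returns the keys, so the ids that are actually used are never passed through `intval`. The unwatch code in ucp_main.php in this same commit uses the safe order, and this line should match it: `array_map('intval', array_keys($_REQUEST['attachment']))`. A scalar `attachment` parameter would also raise a warning here, so an `is_array()` check belongs in the condition. How `$delete_ids` reaches the database is outside the hunk.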
@@ -55,13 +57,13 @@ class ucp_attachments confirm_box(false, (sizeof($delete_ids) == 1) ? 'DELETE_ATTACHMENT' : 'DELETE_ATTACHMENTS', build_hidden_fields($s_hidden_fields)); } } - + // Select box eventually $sort_key_text = array('a' => $user->lang['SORT_FILENAME'], 'b' => $user->lang['SORT_COMMENT'], 'c' => $user->lang['SORT_EXTENSION'], 'd' => $user->lang['SORT_SIZE'], 'e' => $user->lang['SORT_DOWNLOADS'], 'f' => $user->lang['SORT_POST_TIME'], 'g' => $user->lang['SORT_TOPIC_TITLE']); $sort_key_sql = array('a' => 'a.real_filename', 'b' => 'a.comment', 'c' => 'a.extension', 'd' => 'a.filesize', 'e' => 'a.download_count', 'f' => 'a.filetime', 'g' => 't.topic_title'); $sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']); - + $s_sort_key = ''; foreach ($sort_key_text as $key => $value) { @@ -77,20 +79,18 @@ class ucp_attachments } $order_by = $sort_key_sql[$sort_key] . ' ' . (($sort_dir == 'a') ? 'ASC' : 'DESC'); - + $sql = 'SELECT COUNT(attach_id) as num_attachments FROM ' . ATTACHMENTS_TABLE . ' WHERE poster_id = ' . $user->data['user_id']; - $result = $db->sql_query_limit($sql, 1); + $result = $db->sql_query($sql); $num_attachments = $db->sql_fetchfield('num_attachments'); $db->sql_freeresult($result); - + $sql = 'SELECT a.*, t.topic_title, p.message_subject as message_title FROM ' . ATTACHMENTS_TABLE . ' a - LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id - AND a.in_message = 0) - LEFT JOIN ' . PRIVMSGS_TABLE . ' p ON (a.post_msg_id = p.msg_id - AND a.in_message = 1) + LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id AND a.in_message = 0) + LEFT JOIN ' . PRIVMSGS_TABLE . ' p ON (a.post_msg_id = p.msg_id AND a.in_message = 1) WHERE a.poster_id = ' . $user->data['user_id'] . " ORDER BY $order_by"; $result = $db->sql_query_limit($sql, $config['posts_per_page'], $start); 
@@ -124,7 +124,7 @@ class ucp_attachments 'ATTACH_ID' => $row['attach_id'], 'POST_ID' => $row['post_msg_id'], 'TOPIC_ID' => $row['topic_id'], - + 'S_IN_MESSAGE' => $row['in_message'], 'U_VIEW_ATTACHMENT' => append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $row['attach_id']), @@ -146,7 +146,7 @@ class ucp_attachments 'U_SORT_FILENAME' => $this->u_action . "&sk=a&sd=" . (($sort_key == 'a' && $sort_dir == 'a') ? 'd' : 'a'), 'U_SORT_FILE_COMMENT' => $this->u_action . "&sk=b&sd=" . (($sort_key == 'b' && $sort_dir == 'a') ? 'd' : 'a'), - 'U_SORT_EXTENSION' => $this->u_action . "&i=$id&sk=c&sd=" . (($sort_key == 'c' && $sort_dir == 'a') ? 'd' : 'a'), + 'U_SORT_EXTENSION' => $this->u_action . "&sk=c&sd=" . (($sort_key == 'c' && $sort_dir == 'a') ? 'd' : 'a'), 'U_SORT_FILESIZE' => $this->u_action . "&sk=d&sd=" . (($sort_key == 'd' && $sort_dir == 'a') ? 'd' : 'a'), 'U_SORT_DOWNLOADS' => $this->u_action . "&sk=e&sd=" . (($sort_key == 'e' && $sort_dir == 'a') ? 'd' : 'a'), 'U_SORT_POST_TIME' => $this->u_action . "&sk=f&sd=" . (($sort_key == 'f' && $sort_dir == 'a') ? 'd' : 'a'), diff --git a/phpBB/includes/ucp/ucp_confirm.php b/phpBB/includes/ucp/ucp_confirm.php index ec9b5c77d6..8729b3e854 100644 --- a/phpBB/includes/ucp/ucp_confirm.php +++ b/phpBB/includes/ucp/ucp_confirm.php @@ -22,6 +22,8 @@ */ class ucp_confirm { + var $u_action; + function main($id, $mode) { global $db, $user, $phpbb_root_path, $config, $phpEx; @@ -56,11 +58,7 @@ class ucp_confirm if (function_exists('imagettfbbox') && function_exists('imagettftext')) { - $policy_modules[] = 'policy_overlap'; - $policy_modules[] = 'policy_shape'; - $policy_modules[] = 'policy_cells'; - $policy_modules[] = 'policy_stencil'; - $policy_modules[] = 'policy_composite'; + $policy_modules += array('policy_overlap', 'policy_shape', 'policy_cells', 'policy_stencil', 'policy_composite'); } foreach ($policy_modules as $key => $name) @@ -87,4 +85,5 @@ class ucp_confirm exit; } } + ?>
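Review bot: The replacement `$policy_modules += array('policy_overlap', 'policy_shape', 'policy_cells', 'policy_stencil', 'policy_composite');` in the ucp_confirm hunk is not equivalent to the five `[]` appends it removes. The array union operator keeps existing entries for keys that are already present, so if `$policy_modules` already holds entries at index 0, 1, … (its initialisation is outside the hunk), the first new names are silently dropped and fewer CAPTCHA policies are available than before. Use `$policy_modules = array_merge($policy_modules, array('policy_overlap', 'policy_shape', 'policy_cells', 'policy_stencil', 'policy_composite'));` instead.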
\ No newline at end of file diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php index 70f0e20f60..a0eec4b5ad 100644 --- a/phpBB/includes/ucp/ucp_main.php +++ b/phpBB/includes/ucp/ucp_main.php @@ -62,7 +62,7 @@ class ucp_main $sql = 'SELECT forum_id FROM ' . FORUMS_TABLE . ' WHERE forum_type = ' . FORUM_POST; - + if (sizeof($forum_ary)) { $sql .= ' AND forum_id NOT IN ( ' . implode(', ', $forum_ary) . ')'; 
@@ -122,26 +122,26 @@ class ucp_main } $template->assign_block_vars('topicrow', array( - 'FORUM_ID' => $forum_id, - 'TOPIC_ID' => $topic_id, + 'FORUM_ID' => $forum_id, + 'TOPIC_ID' => $topic_id, 'LAST_POST_TIME' => $user->format_date($row['topic_last_post_time']), - 'LAST_POST_AUTHOR' => ($row['topic_last_poster_id'] == ANONYMOUS) ? (($row['topic_last_poster_name'] != '') ? $row['topic_last_poster_name'] . ' ' : $user->lang['GUEST'] . ' ') : $row['topic_last_poster_name'], - 'TOPIC_TITLE' => censor_text($row['topic_title']), - 'TOPIC_TYPE' => $topic_type, + 'LAST_POST_AUTHOR' => ($row['topic_last_poster_id'] == ANONYMOUS) ? (($row['topic_last_poster_name'] != '') ? $row['topic_last_poster_name'] . ' ' : $user->lang['GUEST'] . ' ') : $row['topic_last_poster_name'], + 'TOPIC_TITLE' => censor_text($row['topic_title']), + 'TOPIC_TYPE' => $topic_type, - 'LAST_POST_IMG' => $user->img('icon_post_latest', 'VIEW_LATEST_POST'), - 'NEWEST_POST_IMG' => $user->img('icon_post_newest', 'VIEW_NEWEST_POST'), - 'TOPIC_FOLDER_IMG' => $user->img($folder_img, $folder_alt), - 'TOPIC_FOLDER_IMG_SRC' => $user->img($folder_img, $folder_alt, false, '', 'src'), - 'ATTACH_ICON_IMG' => ($auth->acl_gets('f_download', 'u_download', $forum_id) && $row['topic_attachment']) ? $user->img('icon_attach', '') : '', + 'LAST_POST_IMG' => $user->img('icon_post_latest', 'VIEW_LATEST_POST'), + 'NEWEST_POST_IMG' => $user->img('icon_post_newest', 'VIEW_NEWEST_POST'), + 'TOPIC_FOLDER_IMG' => $user->img($folder_img, $folder_alt), + 'TOPIC_FOLDER_IMG_SRC' => $user->img($folder_img, $folder_alt, false, '', 'src'), + 'ATTACH_ICON_IMG' => ($auth->acl_gets('f_download', 'u_download', $forum_id) && $row['topic_attachment']) ? $user->img('icon_attach', '') : '', 'S_USER_POSTED' => (!empty($row['topic_posted']) && $row['topic_posted']) ? true : false, 'S_UNREAD' => $unread_topic, - 'U_LAST_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$g_forum_id&t=$topic_id&p=" . $row['topic_last_post_id']) . '#p' . 
$row['topic_last_post_id'], - 'U_LAST_POST_AUTHOR'=> ($row['topic_last_poster_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['topic_last_poster_id']) : '', - 'U_NEWEST_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$g_forum_id&t=$topic_id&view=unread") . '#unread', - 'U_VIEW_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$g_forum_id&t=$topic_id")) + 'U_LAST_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$g_forum_id&t=$topic_id&p=" . $row['topic_last_post_id']) . '#p' . $row['topic_last_post_id'], + 'U_LAST_POST_AUTHOR' => ($row['topic_last_poster_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['topic_last_poster_id']) : '', + 'U_NEWEST_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$g_forum_id&t=$topic_id&view=unread") . '#unread', + 'U_VIEW_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$g_forum_id&t=$topic_id")) ); } @@ -174,10 +174,9 @@ class ucp_main // 'S_GROUP_OPTIONS' => $group_options, 'S_SHOW_ACTIVITY' => ($config['load_user_activity']) ? true : false, - 'U_SEARCH_USER' => ($auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", 'author_id=' . $user->data['user_id'] . '&sr=posts') : '', - ) + 'U_SEARCH_USER' => ($auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", 'author_id=' . $user->data['user_id'] . '&sr=posts') : '') ); - break; + break; case 'subscribed': @@ -185,7 +184,7 @@ class ucp_main $user->add_lang('viewforum'); $unwatch = (isset($_POST['unwatch'])) ? true : false; - + if ($unwatch) { $forums = (isset($_POST['f'])) ? implode(', ', array_map('intval', array_keys($_POST['f']))) : false; @@ -198,7 +197,7 @@ class ucp_main { $sql = 'DELETE FROM ' . FORUMS_WATCH_TABLE . " WHERE forum_id IN ($forums) - AND user_id = " .$user->data['user_id']; + AND user_id = " . $user->data['user_id']; $db->sql_query($sql); $l_unwatch .= '_FORUMS'; 
@@ -208,7 +207,7 @@ class ucp_main { $sql = 'DELETE FROM ' . TOPICS_WATCH_TABLE . " WHERE topic_id IN ($topics) - AND user_id = " .$user->data['user_id']; + AND user_id = " . $user->data['user_id']; $db->sql_query($sql); $l_unwatch .= '_TOPICS'; @@ -229,8 +228,8 @@ class ucp_main FORUMS_TABLE => 'f' ), - 'WHERE' => "fw.user_id = " . $user->data['user_id'] . ' - AND f.forum_id = fw.forum_id', + 'WHERE' => 'fw.user_id = ' . $user->data['user_id'] . ' + AND f.forum_id = fw.forum_id', 'ORDER_BY' => 'left_id' ); @@ -243,6 +242,7 @@ class ucp_main 'ON' => 'ft.user_id = ' . $user->data['user_id'] . ' AND ft.forum_id = f.forum_id' ) ); + $sql_array['SELECT'] .= ', ft.mark_time '; } else @@ -297,22 +297,21 @@ class ucp_main } $template->assign_block_vars('forumrow', array( - 'FORUM_ID' => $forum_id, - 'FORUM_FOLDER_IMG' => $user->img($folder_image, $folder_alt), + 'FORUM_ID' => $forum_id, + 'FORUM_FOLDER_IMG' => $user->img($folder_image, $folder_alt), 'FORUM_FOLDER_IMG_SRC' => $user->img($folder_image, $folder_alt, false, '', 'src'), - 'FORUM_NAME' => $row['forum_name'], - 'LAST_POST_IMG' => $user->img('icon_post_latest', 'VIEW_LATEST_POST'), - 'LAST_POST_TIME' => $last_post_time, - 'LAST_POST_AUTHOR' => $last_poster, - - 'U_LAST_POST_AUTHOR'=> $last_poster_url, - 'U_LAST_POST' => $last_post_url, - 'U_VIEWFORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id'])) + 'FORUM_NAME' => $row['forum_name'], + 'LAST_POST_IMG' => $user->img('icon_post_latest', 'VIEW_LATEST_POST'), + 'LAST_POST_TIME' => $last_post_time, + 'LAST_POST_AUTHOR' => $last_poster, + + 'U_LAST_POST_AUTHOR' => $last_poster_url, + 'U_LAST_POST' => $last_post_url, + 'U_VIEWFORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id'])) ); } $db->sql_freeresult($result); - // Subscribed Topics $start = request_var('start', 0); 
@@ -331,7 +330,7 @@ class ucp_main 'TOTAL_TOPICS' => ($topics_count == 1) ? $user->lang['VIEW_FORUM_TOPIC'] : sprintf($user->lang['VIEW_FORUM_TOPICS'], $topics_count)) ); } - + $sql_array = array( 'SELECT' => 't.*', @@ -340,8 +339,8 @@ class ucp_main TOPICS_TABLE => 't' ), - 'WHERE' => "tw.user_id = " . $user->data['user_id'] . ' - AND t.topic_id = tw.topic_id', + 'WHERE' => 'tw.user_id = ' . $user->data['user_id'] . ' + AND t.topic_id = tw.topic_id', 'ORDER_BY' => 't.topic_last_post_time DESC' ); 
@@ -419,44 +418,43 @@ class ucp_main // Send vars to template $template->assign_block_vars('topicrow', array( - 'FORUM_ID' => $forum_id, - 'TOPIC_ID' => $topic_id, - 'TOPIC_AUTHOR' => topic_topic_author($row), - 'FIRST_POST_TIME' => $user->format_date($row['topic_time']), + 'FORUM_ID' => $forum_id, + 'TOPIC_ID' => $topic_id, + 'TOPIC_AUTHOR' => topic_topic_author($row), + 'FIRST_POST_TIME' => $user->format_date($row['topic_time']), 'LAST_POST_TIME' => $user->format_date($row['topic_last_post_time']), 'LAST_VIEW_TIME' => $user->format_date($row['topic_last_view_time']), - 'LAST_POST_AUTHOR' => ($row['topic_last_poster_name'] != '') ? $row['topic_last_poster_name'] : $user->lang['GUEST'], - 'PAGINATION' => topic_generate_pagination($replies, append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . (($row['forum_id']) ? $row['forum_id'] : $forum_id) . "&t=$topic_id")), - 'REPLIES' => $replies, - 'VIEWS' => $row['topic_views'], - 'TOPIC_TITLE' => censor_text($row['topic_title']), - 'TOPIC_TYPE' => $topic_type, - - 'LAST_POST_IMG' => $user->img('icon_post_latest', 'VIEW_LATEST_POST'), - 'NEWEST_POST_IMG' => $user->img('icon_post_newest', 'VIEW_NEWEST_POST'), - 'TOPIC_FOLDER_IMG' => $user->img($folder_img, $folder_alt), - 'TOPIC_FOLDER_IMG_SRC' => $user->img($folder_img, $folder_alt, false, '', 'src'), - 'TOPIC_ICON_IMG' => (!empty($icons[$row['icon_id']])) ? $icons[$row['icon_id']]['img'] : '', + 'LAST_POST_AUTHOR' => ($row['topic_last_poster_name'] != '') ? $row['topic_last_poster_name'] : $user->lang['GUEST'], + 'PAGINATION' => topic_generate_pagination($replies, append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . (($row['forum_id']) ? $row['forum_id'] : $forum_id) . 
"&t=$topic_id")), + 'REPLIES' => $replies, + 'VIEWS' => $row['topic_views'], + 'TOPIC_TITLE' => censor_text($row['topic_title']), + 'TOPIC_TYPE' => $topic_type, + + 'LAST_POST_IMG' => $user->img('icon_post_latest', 'VIEW_LATEST_POST'), + 'NEWEST_POST_IMG' => $user->img('icon_post_newest', 'VIEW_NEWEST_POST'), + 'TOPIC_FOLDER_IMG' => $user->img($folder_img, $folder_alt), + 'TOPIC_FOLDER_IMG_SRC' => $user->img($folder_img, $folder_alt, false, '', 'src'), + 'TOPIC_ICON_IMG' => (!empty($icons[$row['icon_id']])) ? $icons[$row['icon_id']]['img'] : '', 'TOPIC_ICON_IMG_WIDTH' => (!empty($icons[$row['icon_id']])) ? $icons[$row['icon_id']]['width'] : '', 'TOPIC_ICON_IMG_HEIGHT' => (!empty($icons[$row['icon_id']])) ? $icons[$row['icon_id']]['height'] : '', - 'ATTACH_ICON_IMG' => ($auth->acl_gets('f_download', 'u_download', $forum_id) && $row['topic_attachment']) ? $user->img('icon_attach', $user->lang['TOTAL_ATTACHMENTS']) : '', + 'ATTACH_ICON_IMG' => ($auth->acl_gets('f_download', 'u_download', $forum_id) && $row['topic_attachment']) ? $user->img('icon_attach', $user->lang['TOTAL_ATTACHMENTS']) : '', 'S_TOPIC_TYPE' => $row['topic_type'], 'S_USER_POSTED' => (!empty($row['topic_posted'])) ? true : false, 'S_UNREAD_TOPIC' => $unread_topic, - 'U_NEWEST_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id&view=unread") . '#unread', - 'U_LAST_POST' => $view_topic_url . '&p=' . $row['topic_last_post_id'] . '#p' . $row['topic_last_post_id'], - 'U_LAST_POST_AUTHOR'=> ($row['topic_last_poster_id'] != ANONYMOUS && $row['topic_last_poster_id']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['topic_last_poster_id']) : '', - 'U_VIEW_TOPIC' => $view_topic_url) + 'U_NEWEST_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id&view=unread") . '#unread', + 'U_LAST_POST' => $view_topic_url . '&p=' . $row['topic_last_post_id'] . '#p' . 
$row['topic_last_post_id'], + 'U_LAST_POST_AUTHOR' => ($row['topic_last_poster_id'] != ANONYMOUS && $row['topic_last_poster_id']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['topic_last_poster_id']) : '', + 'U_VIEW_TOPIC' => $view_topic_url) ); - } - break; + break; case 'bookmarks': - + if (!$config['allow_bookmarks']) { $template->assign_vars(array( @@ -492,21 +490,21 @@ class ucp_main $db->sql_query($sql); } } - + if (isset($_POST['unbookmark'])) { - $s_hidden_fields = '<input type="hidden" name="unbookmark" value="1" />'; + $s_hidden_fields = array('unbookmark' => 1); $topics = (isset($_POST['t'])) ? array_map('intval', array_keys($_POST['t'])) : array(); $url = $this->u_action; - + if (!sizeof($topics)) { trigger_error('NO_BOOKMARKS_SELECTED'); } - + foreach ($topics as $topic_id) { - $s_hidden_fields .= '<input type="hidden" name="t[' . $topic_id . ']" value="1" />'; + $s_hidden_fields['t'][$topic_id] = 1; } if (confirm_box(true)) @@ -525,10 +523,12 @@ class ucp_main $i = 1; while ($row = $db->sql_fetchrow($result)) { - $db->sql_query('UPDATE ' . BOOKMARKS_TABLE . " + $sql = 'UPDATE ' . BOOKMARKS_TABLE . " SET order_id = $i WHERE topic_id = {$row['topic_id']} - AND user_id = {$user->data['user_id']}"); + AND user_id = {$user->data['user_id']}"; + $db->sql_query($sql); + $i++; } $db->sql_freeresult($result); @@ -539,7 +539,7 @@ class ucp_main } else { - confirm_box(false, 'REMOVE_SELECTED_BOOKMARKS', $s_hidden_fields); + confirm_box(false, 'REMOVE_SELECTED_BOOKMARKS', build_hidden_fields($s_hidden_fields)); } } 
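Review bot: `$s_hidden_fields` now holds an array in the `unbookmark` branch (hunks at -492 and -539), while the `drafts` case still builds it as an HTML string and the shared `assign_vars` call at the end of `main()` (hunk at -778) passes `$s_hidden_fields` to `S_HIDDEN_FIELDS` unconverted. That is only safe if both `confirm_box()` paths always end the request, which these hunks do not show. Keeping the array in its own variable avoids the mixed type: `$hidden_fields = array('unbookmark' => 1);`, `$hidden_fields['t'][$topic_id] = 1;` and `confirm_box(false, 'REMOVE_SELECTED_BOOKMARKS', build_hidden_fields($hidden_fields));`. The `case 'bookmarks':` block starts and ends outside these hunks.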
@@ -553,67 +553,67 @@ class ucp_main WHERE b.user_id = ' . $user->data['user_id'] . ' ORDER BY b.order_id ASC'; $result = $db->sql_query($sql); - + while ($row = $db->sql_fetchrow($result)) { $forum_id = $row['forum_id']; $topic_id = $row['b_topic_id']; - + $replies = ($auth->acl_get('m_approve', $forum_id)) ? $row['topic_replies_real'] : $row['topic_replies']; - + // Get folder img, topic status/type related informations $folder_img = $folder_alt = $topic_type = ''; $unread_topic = false; - + topic_status($row, $replies, $unread_topic, $folder_img, $folder_alt, $topic_type); $view_topic_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id"); - + $template->assign_block_vars('topicrow', array( - 'FORUM_ID' => $forum_id, - 'TOPIC_ID' => $topic_id, - 'TOPIC_TITLE' => censor_text($row['topic_title']), - 'TOPIC_TYPE' => $topic_type, + 'FORUM_ID' => $forum_id, + 'TOPIC_ID' => $topic_id, + 'TOPIC_TITLE' => censor_text($row['topic_title']), + 'TOPIC_TYPE' => $topic_type, 'FORUM_NAME' => $row['forum_name'], 'S_DELETED_TOPIC' => (!$row['topic_id']) ? true : false, 'S_GLOBAL_TOPIC' => (!$forum_id) ? true : false, - 'TOPIC_AUTHOR' => topic_topic_author($row), - 'FIRST_POST_TIME' => $user->format_date($row['topic_time']), + 'TOPIC_AUTHOR' => topic_topic_author($row), + 'FIRST_POST_TIME' => $user->format_date($row['topic_time']), 'LAST_POST_TIME' => $user->format_date($row['topic_last_post_time']), 'LAST_VIEW_TIME' => $user->format_date($row['topic_last_view_time']), - 'LAST_POST_AUTHOR' => ($row['topic_last_poster_name'] != '') ? $row['topic_last_poster_name'] : $user->lang['GUEST'], - 'PAGINATION' => topic_generate_pagination($replies, append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . (($row['forum_id']) ? $row['forum_id'] : $forum_id) . "&t=$topic_id")), + 'LAST_POST_AUTHOR' => ($row['topic_last_poster_name'] != '') ? 
$row['topic_last_poster_name'] : $user->lang['GUEST'], + 'PAGINATION' => topic_generate_pagination($replies, append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . (($row['forum_id']) ? $row['forum_id'] : $forum_id) . "&t=$topic_id")), 'POSTED_AT' => $user->format_date($row['topic_time']), - - 'TOPIC_FOLDER_IMG' => $user->img($folder_img, $folder_alt), - 'TOPIC_FOLDER_IMG_SRC' => $user->img($folder_img, $folder_alt, false, '', 'src'), - 'ATTACH_ICON_IMG' => ($auth->acl_gets('f_download', 'u_download', $forum_id) && $row['topic_attachment']) ? $user->img('icon_attach', '') : '', - 'LAST_POST_IMG' => $user->img('icon_post_latest', 'VIEW_LATEST_POST'), - - 'U_LAST_POST' => $view_topic_url . '&p=' . $row['topic_last_post_id'] . '#p' . $row['topic_last_post_id'], - 'U_LAST_POST_AUTHOR'=> ($row['topic_last_poster_id'] != ANONYMOUS && $row['topic_last_poster_id']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['topic_last_poster_id']) : '', - 'U_VIEW_TOPIC' => $view_topic_url, - 'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id), - 'U_MOVE_UP' => ($row['order_id'] != 1) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=main&mode=bookmarks&move_up=' . $row['order_id']) : '', - 'U_MOVE_DOWN' => ($row['order_id'] != $max_order_id) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=main&mode=bookmarks&move_down=' . $row['order_id']) : '') + + 'TOPIC_FOLDER_IMG' => $user->img($folder_img, $folder_alt), + 'TOPIC_FOLDER_IMG_SRC' => $user->img($folder_img, $folder_alt, false, '', 'src'), + 'ATTACH_ICON_IMG' => ($auth->acl_gets('f_download', 'u_download', $forum_id) && $row['topic_attachment']) ? $user->img('icon_attach', '') : '', + 'LAST_POST_IMG' => $user->img('icon_post_latest', 'VIEW_LATEST_POST'), + + 'U_LAST_POST' => $view_topic_url . '&p=' . $row['topic_last_post_id'] . '#p' . $row['topic_last_post_id'], + 'U_LAST_POST_AUTHOR' => ($row['topic_last_poster_id'] != ANONYMOUS && $row['topic_last_poster_id']) ? 
append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['topic_last_poster_id']) : '', + 'U_VIEW_TOPIC' => $view_topic_url, + 'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id), + 'U_MOVE_UP' => ($row['order_id'] != 1) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=main&mode=bookmarks&move_up=' . $row['order_id']) : '', + 'U_MOVE_DOWN' => ($row['order_id'] != $max_order_id) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=main&mode=bookmarks&move_down=' . $row['order_id']) : '') ); } - break; + break; case 'drafts': - + $pm_drafts = ($this->p_master->p_name == 'pm') ? true : false; $template->assign_var('S_SHOW_DRAFTS', true); $user->add_lang('posting'); - $edit = (isset($_REQUEST['edit'])) ? true : false; - $submit = (isset($_POST['submit'])) ? true : false; - $draft_id = ($edit) ? intval($_REQUEST['edit']) : 0; - $delete = (isset($_POST['delete'])) ? true : false; + $edit = (isset($_REQUEST['edit'])) ? true : false; + $submit = (isset($_POST['submit'])) ? true : false; + $draft_id = ($edit) ? intval($_REQUEST['edit']) : 0; + $delete = (isset($_POST['delete'])) ? true : false; $s_hidden_fields = ($edit) ? '<input type="hidden" name="edit" value="' . $draft_id . '" />' : ''; $draft_subject = $draft_message = ''; @@ -672,7 +672,7 @@ class ucp_main WHERE d.user_id = ' . $user->data['user_id'] . ' ' . (($edit) ? "AND d.draft_id = $draft_id" : '') . ' AND f.forum_id = d.forum_id - ORDER BY d.save_time DESC'; + ORDER BY d.save_time DESC'; } else { @@ -681,10 +681,10 @@ class ucp_main (($edit) ? "AND draft_id = $draft_id" : '') . ' AND forum_id = 0 AND topic_id = 0 - ORDER BY save_time DESC'; + ORDER BY save_time DESC'; } $result = $db->sql_query($sql); - + $draftrows = $topic_ids = array(); while ($row = $db->sql_fetchrow($result)) @@ -696,7 +696,7 @@ class ucp_main $draftrows[] = $row; } $db->sql_freeresult($result); - + if (sizeof($topic_ids)) { $sql = 'SELECT topic_id, forum_id, topic_title 
@@ -711,7 +711,7 @@ class ucp_main $db->sql_freeresult($result); } unset($topic_ids); - + $template->assign_var('S_EDIT_DRAFT', $edit); $row_count = 0; @@ -741,7 +741,7 @@ class ucp_main $link_pm = true; $insert_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&mode=compose&d=" . $draft['draft_id']); } - + $template_row = array( 'DATE' => $user->format_date($draft['save_time']), 'DRAFT_MESSAGE' => ($submit) ? $draft_message : $draft['draft_message'], @@ -762,7 +762,7 @@ class ucp_main 'S_HIDDEN_FIELDS' => $s_hidden_fields ); $row_count++; - + ($edit) ? $template->assign_vars($template_row) : $template->assign_block_vars('draftrow', $template_row); } @@ -778,9 +778,9 @@ class ucp_main $template->assign_vars(array( 'L_TITLE' => $user->lang['UCP_MAIN_' . strtoupper($mode)], - 'S_DISPLAY_MARK_ALL'=> ($mode == 'watched' || ($mode == 'drafts' && !isset($_GET['edit']))) ? true : false, - 'S_HIDDEN_FIELDS' => (isset($s_hidden_fields)) ? $s_hidden_fields : '', - 'S_UCP_ACTION' => $this->u_action) + 'S_DISPLAY_MARK_ALL' => ($mode == 'watched' || ($mode == 'drafts' && !isset($_GET['edit']))) ? true : false, + 'S_HIDDEN_FIELDS' => (isset($s_hidden_fields)) ? $s_hidden_fields : '', + 'S_UCP_ACTION' => $this->u_action) ); // Set desired template diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php index 18ca027582..b2dd23b9d8 100644 --- a/phpBB/includes/ucp/ucp_pm.php +++ b/phpBB/includes/ucp/ucp_pm.php @@ -38,7 +38,7 @@ class ucp_pm function main($id, $mode) { global $user, $template, $phpbb_root_path, $auth, $phpEx, $db, $config; - + if (!$user->data['is_registered']) { trigger_error('NO_MESSAGE'); @@ -101,7 +101,7 @@ class ucp_pm 'U_INBOX' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=inbox'), 'UA_INBOX' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=inbox', false)) ); - + $tpl_file = 'ucp_pm_popup'; break; 
@@ -116,7 +116,7 @@ class ucp_pm trigger_error('NO_AUTH_SEND_MESSAGE'); } - include($phpbb_root_path . 'includes/ucp/ucp_pm_compose.'.$phpEx); + include($phpbb_root_path . 'includes/ucp/ucp_pm_compose.' . $phpEx); compose_pm($id, $mode, $action); $tpl_file = 'posting_body'; @@ -134,7 +134,7 @@ class ucp_pm get_folder($user->data['user_id']); - include($phpbb_root_path . 'includes/ucp/ucp_pm_options.'.$phpEx); + include($phpbb_root_path . 'includes/ucp/ucp_pm_options.' . $phpEx); message_options($id, $mode, $global_privmsgs_rules, $global_rule_conditions); $tpl_file = 'ucp_pm_options'; @@ -144,21 +144,21 @@ class ucp_pm get_folder($user->data['user_id']); $this->p_name = 'pm'; - + // Call another module... please do not try this at home... Hoochie Coochie Man - include($phpbb_root_path . 'includes/ucp/ucp_main.'.$phpEx); + include($phpbb_root_path . 'includes/ucp/ucp_main.' . $phpEx); $module = new ucp_main($this); $module->main($id, $mode); $this->tpl_name = $module->tpl_name; - + unset($module); return; break; case 'view': - + $sql = 'SELECT group_message_limit FROM ' . GROUPS_TABLE . ' WHERE group_id = ' . $user->data['group_id']; @@ -203,8 +203,8 @@ class ucp_pm // First Handle Mark actions and moving messages $submit_mark = (isset($_POST['submit_mark'])) ? true : false; $move_pm = (isset($_POST['move_pm'])) ? true : false; - $mark_option = request_var('mark_option', ''); - $dest_folder = request_var('dest_folder', PRIVMSGS_NO_BOX); + $mark_option = request_var('mark_option', ''); + $dest_folder = request_var('dest_folder', PRIVMSGS_NO_BOX); // Is moving PM triggered through mark options? if (!in_array($mark_option, array('mark_important', 'delete_marked')) && $submit_mark) @@ -364,7 +364,7 @@ class ucp_pm if ($action == 'view_folder') { - include($phpbb_root_path . 'includes/ucp/ucp_pm_viewfolder.'.$phpEx); + include($phpbb_root_path . 'includes/ucp/ucp_pm_viewfolder.' . $phpEx); view_folder($id, $mode, $folder_id, $folder); $tpl_file = 'ucp_pm_viewfolder'; 
@@ -381,7 +381,7 @@ class ucp_pm trigger_error('NO_MESSAGE'); } - include($phpbb_root_path . 'includes/ucp/ucp_pm_viewmessage.'.$phpEx); + include($phpbb_root_path . 'includes/ucp/ucp_pm_viewmessage.' . $phpEx); view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row); $tpl_file = ($view == 'print') ? 'ucp_pm_viewmessage_print' : 'ucp_pm_viewmessage'; @@ -391,6 +391,7 @@ class ucp_pm default: trigger_error('NO_ACTION_MODE'); + break; } $template->assign_vars(array( diff --git a/phpBB/includes/ucp/ucp_pm_options.php b/phpBB/includes/ucp/ucp_pm_options.php index 6b6542f498..3362b5d9b4 100644 --- a/phpBB/includes/ucp/ucp_pm_options.php +++ b/phpBB/includes/ucp/ucp_pm_options.php @@ -27,15 +27,19 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit { case 1: $set_folder_id = FULL_FOLDER_DELETE; - break; + break; + case 2: $set_folder_id = request_var('full_move_to', PRIVMSGS_INBOX); - break; + break; + case 3: $set_folder_id = FULL_FOLDER_HOLD; - break; + break; + default: $full_action = 0; + break; } if ($full_action) @@ -46,7 +50,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit $db->sql_query($sql); $user->data['user_full_folder'] = $set_folder_id; - + $message = $user->lang['FULL_FOLDER_OPTION_CHANGED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>'); meta_refresh(3, $redirect_url); trigger_error($message); 
@@ -65,12 +69,13 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit WHERE folder_name = '" . $db->sql_escape($folder_name) . "' AND user_id = " . $user->data['user_id']; $result = $db->sql_query_limit($sql, 1); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); - if ($db->sql_fetchrow($result)) + if ($row) { trigger_error(sprintf($user->lang['FOLDER_NAME_EXIST'], $folder_name)); } - $db->sql_freeresult($result); $sql = 'SELECT COUNT(folder_id) as num_folder FROM ' . PRIVMSGS_FOLDER_TABLE . ' @@ -85,7 +90,9 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit } $sql = 'INSERT INTO ' . PRIVMSGS_FOLDER_TABLE . ' ' . $db->sql_build_array('INSERT', array( - 'user_id' => (int) $user->data['user_id'], 'folder_name' => $folder_name)); + 'user_id' => (int) $user->data['user_id'], + 'folder_name' => $folder_name) + ); $db->sql_query($sql); $message = $user->lang['FOLDER_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>'); @@ -93,7 +100,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit trigger_error($message); } } - + // Rename folder if (isset($_POST['rename_folder'])) { @@ -144,7 +151,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit { trigger_error('CANNOT_MOVE_TO_SAME_FOLDER'); } - + // Select custom folder $sql = 'SELECT folder_name, pm_count FROM ' . PRIVMSGS_FOLDER_TABLE . " @@ -195,12 +202,12 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit { trigger_error(sprintf($user->lang['MOVE_PM_ERROR'], $num_moved, $folder_row['pm_count'])); } - break; + break; // Remove Messages case 2: delete_pm($user->data['user_id'], $msg_ids, $remove_folder_id); - break; + break; } // Remove folder 
@@ -256,7 +263,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit { trigger_error('RULE_NOT_DEFINED'); } - + $rule_ary = array( 'user_id' => $user->data['user_id'], 'rule_check' => $check_option, @@ -272,20 +279,23 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit FROM ' . PRIVMSGS_RULES_TABLE . ' WHERE ' . $db->sql_build_array('SELECT', $rule_ary); $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); - if ($db->sql_fetchrow($result)) + if ($row) { trigger_error('RULE_ALREADY_DEFINED'); } - $db->sql_freeresult($result); - + $sql = 'INSERT INTO ' . PRIVMSGS_RULES_TABLE . ' ' . $db->sql_build_array('INSERT', $rule_ary); $db->sql_query($sql); // Update users message rules - $sql = 'UPDATE ' . USERS_TABLE . ' SET user_message_rules = 1 WHERE user_id = ' . $user->data['user_id']; + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_message_rules = 1 + WHERE user_id = ' . $user->data['user_id']; $db->sql_query($sql); - + $message = $user->lang['RULE_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>'); meta_refresh(3, $redirect_url); trigger_error($message); @@ -322,9 +332,11 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit $db->sql_freeresult($result); // Update users message rules - if ($row) + if (!$row) { - $sql = 'UPDATE ' . USERS_TABLE . ' SET user_message_rules = 0 WHERE user_id = ' . $user->data['user_id']; + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_message_rules = 0 + WHERE user_id = ' . $user->data['user_id']; $db->sql_query($sql); } @@ -337,7 +349,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit confirm_box(false, 'DELETE_RULE', build_hidden_fields(array('delete_rule' => array($delete_id => 1)))); } } - + $folder = array(); $sql = 'SELECT COUNT(msg_id) as num_messages 
@@ -349,8 +361,8 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit $db->sql_freeresult($result); $folder[PRIVMSGS_INBOX] = array( - 'folder_name' => $user->lang['PM_INBOX'], - 'message_status'=> sprintf($user->lang['FOLDER_MESSAGE_STATUS'], $num_messages, $user->data['message_limit']) + 'folder_name' => $user->lang['PM_INBOX'], + 'message_status' => sprintf($user->lang['FOLDER_MESSAGE_STATUS'], $num_messages, $user->data['message_limit']) ); $sql = 'SELECT folder_id, folder_name, pm_count @@ -363,8 +375,8 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit { $num_user_folder++; $folder[$row['folder_id']] = array( - 'folder_name' => $row['folder_name'], - 'message_status'=> sprintf($user->lang['FOLDER_MESSAGE_STATUS'], $row['pm_count'], $user->data['message_limit']) + 'folder_name' => $row['folder_name'], + 'message_status' => sprintf($user->lang['FOLDER_MESSAGE_STATUS'], $row['pm_count'], $user->data['message_limit']) ); } $db->sql_freeresult($result); @@ -385,7 +397,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit { $s_full_folder_options .= '<option value="' . $folder_id . '"' . (($user->data['user_full_folder'] == $folder_id) ? ' selected="selected"' : '') . '>' . $folder_ary['folder_name'] . ' (' . $folder_ary['message_status'] . ')</option>'; $s_to_folder_options .= '<option value="' . $folder_id . '"' . (($to_folder_id == $folder_id) ? ' selected="selected"' : '') . '>' . $folder_ary['folder_name'] . ' (' . $folder_ary['message_status'] . ')</option>'; - + if ($folder_id != PRIVMSGS_INBOX) { $s_folder_options .= '<option value="' . $folder_id . '">' . $folder_ary['folder_name'] . ' (' . $folder_ary['message_status'] . ')</option>'; 
@@ -402,11 +414,11 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit { case 1: $s_delete_checked = ' checked="checked"'; - break; + break; case 2: $s_hold_checked = ' checked="checked"'; - break; + break; } } @@ -420,7 +432,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit 'S_MAX_FOLDER_REACHED' => ($num_user_folder >= $config['pm_max_boxes']) ? true : false, 'DEFAULT_ACTION' => ($config['full_folder_action'] == 1) ? $user->lang['DELETE_OLDEST_MESSAGES'] : $user->lang['HOLD_NEW_MESSAGES'], - + 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=ucp&field=rule_string')) ); @@ -490,7 +502,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit { define_action_option(false, $action_option, $action_lang, $folder); } - + show_defined_rules($user->data['user_id'], $check_lang, $rule_lang, $action_lang, $folder); } @@ -612,7 +624,7 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule ); return; } - + // Define Condition $condition = $global_rule_conditions[$rule_option]; $current_value = ''; @@ -630,7 +642,7 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule ); $current_value = $rule_string; - break; + break; case 'user': $rule_user_id = request_var('rule_user_id', 0); @@ -640,7 +652,7 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule { $sql = 'SELECT user_id FROM ' . USERS_TABLE . " - WHERE username = '" . $db->sql_escape($rule_string) . "'"; + WHERE LOWER(username) = '" . $db->sql_escape(strtolower($rule_string)) . "'"; $result = $db->sql_query($sql); $rule_user_id = (int) $db->sql_fetchfield('user_id'); $db->sql_freeresult($result); 
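Review bot: The case-insensitive lookup added in the hunk at -640 folds the two sides with different rules: `strtolower()` is byte-wise and locale-dependent in PHP, while `LOWER(username)` follows the database's own case mapping, so a name with non-ASCII letters may not match. If the table holds names that differ only by case, `sql_fetchfield('user_id')` binds the rule to whichever row comes back first, and that id is what the PM rule then acts on. Folding both sides in the database keeps them consistent: `WHERE LOWER(username) = LOWER('" . $db->sql_escape($rule_string) . "')"`. Wrapping the column in `LOWER()` may also keep an index on `username` from being used, which is worth confirming. `define_cond_option()` continues outside the hunk.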
@@ -673,7 +685,7 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule ); $current_value = $rule_string; - break; + break; case 'group': $rule_group_id = request_var('rule_group_id', 0); @@ -708,7 +720,7 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule ); $current_value = $rule_string; - break; + break; default: return; diff --git a/phpBB/includes/ucp/ucp_pm_viewfolder.php b/phpBB/includes/ucp/ucp_pm_viewfolder.php index b3421a203d..30dc8a8b09 100644 --- a/phpBB/includes/ucp/ucp_pm_viewfolder.php +++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php @@ -35,7 +35,7 @@ function view_folder($id, $mode, $folder_id, $folder) { $template->assign_block_vars('pm_colour_info', array( 'IMG' => $user->img("pm_{$var}", ''), - 'CLASS' => "pm_{$var}_colour", + 'CLASS' => "pm_{$var}_colour", 'LANG' => $user->lang[strtoupper($var) . '_MESSAGE']) ); } @@ -125,7 +125,7 @@ function view_folder($id, $mode, $folder_id, $folder) FROM ' . GROUPS_TABLE . ' WHERE group_id'; } - $sql .= ' IN (' . implode(', ', array_keys($recipient_list[$ug_type])) . ')'; + $sql .= ' IN (' . implode(', ', array_map('intval', array_keys($recipient_list[$ug_type]))) . ')'; $result = $db->sql_query($sql); 
@@ -185,16 +185,16 @@ function view_folder($id, $mode, $folder_id, $folder) $template->assign_block_vars('messagerow', array( 'PM_CLASS' => ($row_indicator) ? 'pm_' . $row_indicator . '_colour' : '', - 'FOLDER_ID' => $folder_id, + 'FOLDER_ID' => $folder_id, 'MESSAGE_ID' => $message_id, 'MESSAGE_AUTHOR' => $message_author, - 'SENT_TIME' => $user->format_date($row['message_time']), + 'SENT_TIME' => $user->format_date($row['message_time']), 'SUBJECT' => censor_text($row['message_subject']), 'FOLDER' => (isset($folder[$row['folder_id']])) ? $folder[$row['folder_id']]['folder_name'] : '', 'U_FOLDER' => (isset($folder[$row['folder_id']])) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'folder=' . $row['folder_id']) : '', 'PM_ICON_IMG' => (!empty($icons[$row['icon_id']])) ? '<img src="' . $config['icons_path'] . '/' . $icons[$row['icon_id']]['img'] . '" width="' . $icons[$row['icon_id']]['width'] . '" height="' . $icons[$row['icon_id']]['height'] . '" alt="" title="" />' : '', 'FOLDER_IMG' => $user->img($folder_img, $folder_alt), - 'PM_IMG' => ($row_indicator) ? $user->img('pm_' . $row_indicator, '') : '', + 'PM_IMG' => ($row_indicator) ? $user->img('pm_' . $row_indicator, '') : '', 'ATTACH_ICON_IMG' => ($auth->acl_get('u_download') && $row['message_attachment'] && $config['allow_pm_attach'] && $config['auth_download_pm']) ? $user->img('icon_attach', $user->lang['TOTAL_ATTACHMENTS']) : '', 'S_PM_DELETED' => ($row['deleted']) ? true : false, @@ -207,7 +207,7 @@ function view_folder($id, $mode, $folder_id, $folder) unset($folder_info['rowset']); $template->assign_vars(array( - 'S_SHOW_RECIPIENTS' => ($folder_id == PRIVMSGS_OUTBOX || $folder_id == PRIVMSGS_SENTBOX) ? true : false, + 'S_SHOW_RECIPIENTS' => ($folder_id == PRIVMSGS_OUTBOX || $folder_id == PRIVMSGS_SENTBOX) ? true : false, 'S_SHOW_COLOUR_LEGEND' => true) ); } 
@@ -238,7 +238,8 @@ function view_folder($id, $mode, $folder_id, $folder) { $row = &$folder_info['rowset'][$message_id]; - include_once($phpbb_root_path . 'includes/functions_posting.'.$phpEx); + include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx); + $sql = 'SELECT p.message_text, p.bbcode_uid FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p, ' . USERS_TABLE . ' u WHERE t.user_id = ' . $user->data['user_id'] . " @@ -255,8 +256,19 @@ function view_folder($id, $mode, $folder_id, $folder) { if (isset($address[$message_id][$ug_type]) && sizeof($address[$message_id][$ug_type])) { - $sql = ($ug_type == 'u') ? 'SELECT user_id as id, username as name FROM ' . USERS_TABLE . ' WHERE user_id' : 'SELECT group_id as id, group_name as name FROM ' . GROUPS_TABLE . ' WHERE group_id'; - $sql .= ' IN (' . implode(', ', array_keys($address[$message_id][$ug_type])) . ')'; + if ($ug_type == 'u') + { + $sql = 'SELECT user_id as id, username as name + FROM ' . USERS_TABLE . ' + WHERE user_id'; + } + else + { + $sql = 'SELECT group_id as id, group_name as name + FROM ' . GROUPS_TABLE . ' + WHERE group_id'; + } + $sql .= ' IN (' . implode(', ', array_map('intval', array_keys($address[$message_id][$ug_type]))) . ')'; $result = $db->sql_query($sql); @@ -311,6 +323,7 @@ function view_folder($id, $mode, $folder_id, $folder) $value['bcc'] .= (isset($values['bcc']) && is_array($values['bcc'])) ? ',' . implode(',', $values['bcc']) : ''; $value['to'] .= (isset($values['to']) && is_array($values['to'])) ? ',' . implode(',', $values['to']) : ''; } + // Remove the commas which will appear before the first entry. $value['to'] = substr($value['to'], 1); $value['bcc'] = substr($value['bcc'], 1); 
@@ -332,14 +345,15 @@ function view_folder($id, $mode, $folder_id, $folder) $string = substr($string, 0, -1) . $newline; } break; + case 'XML': $mimetype = 'application/xml'; $filetype = 'xml'; $string = '<?xml version="1.0"?>' . "\n"; $string .= "<phpbb>\n"; + foreach ($data as $value) { - $string .= "\t<privmsg>\n"; if (is_array($value['to'])) @@ -366,7 +380,9 @@ function view_folder($id, $mode, $folder_id, $folder) $string .= "\t</privmsg>\n"; } $string .= '</phpbb>'; + break; } + header('Pragma: no-cache'); header("Content-Type: $mimetype; name=\"data.$filetype\""); header("Content-disposition: attachment; filename=data.$filetype"); @@ -407,6 +423,11 @@ function get_pm_from($folder_id, $folder, $user_id) { $min_post_time = time() - ($sort_days * 86400); + if (isset($_POST['sort'])) + { + $start = 0; + } + $sql = 'SELECT COUNT(t.msg_id) AS pm_count FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . " p WHERE $folder_sql @@ -414,13 +435,7 @@ function get_pm_from($folder_id, $folder, $user_id) AND t.msg_id = p.msg_id AND p.message_time >= $min_post_time"; $result = $db->sql_query_limit($sql, 1); - - if (isset($_POST['sort'])) - { - $start = 0; - } - - $pm_count = ($row = $db->sql_fetchrow($result)) ? $row['pm_count'] : 0; + $pm_count = (int) $db->sql_fetchfield('pm_count'); $db->sql_freeresult($result); $sql_limit_time = "AND p.message_time >= $min_post_time"; 
@@ -432,9 +447,9 @@ function get_pm_from($folder_id, $folder, $user_id) } $template->assign_vars(array( - 'PAGINATION' => generate_pagination(append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&mode=view&action=view_folder&f=$folder_id&$u_sort_param"), $pm_count, $config['topics_per_page'], $start), - 'PAGE_NUMBER' => on_page($pm_count, $config['topics_per_page'], $start), - 'TOTAL_MESSAGES'=> (($pm_count == 1) ? $user->lang['VIEW_PM_MESSAGE'] : sprintf($user->lang['VIEW_PM_MESSAGES'], $pm_count)), + 'PAGINATION' => generate_pagination(append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&mode=view&action=view_folder&f=$folder_id&$u_sort_param"), $pm_count, $config['topics_per_page'], $start), + 'PAGE_NUMBER' => on_page($pm_count, $config['topics_per_page'], $start), + 'TOTAL_MESSAGES' => (($pm_count == 1) ? $user->lang['VIEW_PM_MESSAGE'] : sprintf($user->lang['VIEW_PM_MESSAGES'], $pm_count)), 'POST_IMG' => (!$auth->acl_get('u_sendpm')) ? $user->img('btn_locked', 'PM_LOCKED') : $user->img('btn_post_pm', 'POST_PM'), @@ -483,7 +498,6 @@ function get_pm_from($folder_id, $folder, $user_id) AND t.msg_id = p.msg_id $sql_limit_time ORDER BY $sql_sort_order"; - $result = $db->sql_query_limit($sql, $sql_limit, $sql_start); while ($row = $db->sql_fetchrow($result)) diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php index 7261066288..e66b519327 100644 --- a/phpBB/includes/ucp/ucp_pm_viewmessage.php +++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php @@ -38,10 +38,12 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) $icons = array(); $cache->obtain_icons($icons); + $bbcode = false; + // Instantiate BBCode if need be if ($message_row['bbcode_bitfield']) { - include($phpbb_root_path . 'includes/bbcode.'.$phpEx); + include($phpbb_root_path . 'includes/bbcode.' . $phpEx); $bbcode = new bbcode($message_row['bbcode_bitfield']); } 
@@ -146,9 +148,9 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) { if ($user_info['user_sig_bbcode_bitfield']) { - if (!isset($bbcode) || !$bbcode) + if ($bbcode === false) { - include($phpbb_root_path . 'includes/bbcode.'.$phpEx); + include($phpbb_root_path . 'includes/bbcode.' . $phpEx); $bbcode = new bbcode($user_info['user_sig_bbcode_bitfield']); } 
@@ -163,41 +165,41 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) $template->assign_vars(array( 'AUTHOR_NAME' => ($user_info['user_colour']) ? '<span style="color:#' . $user_info['user_colour'] . '">' . $user_info['username'] . '</span>' : $user_info['username'], - 'AUTHOR_RANK' => $user_info['rank_title'], - 'RANK_IMAGE' => $user_info['rank_image'], + 'AUTHOR_RANK' => $user_info['rank_title'], + 'RANK_IMAGE' => $user_info['rank_image'], 'AUTHOR_AVATAR' => (isset($user_info['avatar'])) ? $user_info['avatar'] : '', 'AUTHOR_JOINED' => $user->format_date($user_info['user_regdate']), - 'AUTHOR_POSTS' => (!empty($user_info['user_posts'])) ? $user_info['user_posts'] : '', - 'AUTHOR_FROM' => (!empty($user_info['user_from'])) ? $user_info['user_from'] : '', + 'AUTHOR_POSTS' => (!empty($user_info['user_posts'])) ? $user_info['user_posts'] : '', + 'AUTHOR_FROM' => (!empty($user_info['user_from'])) ? $user_info['user_from'] : '', 'ONLINE_IMG' => (!$config['load_onlinetrack']) ? '' : ((isset($user_info['online']) && $user_info['online']) ? $user->img('btn_online', $user->lang['ONLINE']) : $user->img('btn_offline', $user->lang['OFFLINE'])), 'S_ONLINE' => (!$config['load_onlinetrack']) ? false : ((isset($user_info['online']) && $user_info['online']) ? 
true : false), - 'DELETE_IMG' => $user->img('btn_delete', $user->lang['DELETE_MESSAGE']), - 'INFO_IMG' => $user->img('btn_info', $user->lang['VIEW_PM_INFO']), + 'DELETE_IMG' => $user->img('btn_delete', $user->lang['DELETE_MESSAGE']), + 'INFO_IMG' => $user->img('btn_info', $user->lang['VIEW_PM_INFO']), 'PROFILE_IMG' => $user->img('btn_profile', $user->lang['READ_PROFILE']), - 'EMAIL_IMG' => $user->img('btn_email', $user->lang['SEND_EMAIL']), - 'QUOTE_IMG' => $user->img('btn_quote', $user->lang['POST_QUOTE_PM']), + 'EMAIL_IMG' => $user->img('btn_email', $user->lang['SEND_EMAIL']), + 'QUOTE_IMG' => $user->img('btn_quote', $user->lang['POST_QUOTE_PM']), 'REPLY_IMG' => $user->img('btn_reply_pm', $user->lang['POST_REPLY_PM']), - 'EDIT_IMG' => $user->img('btn_edit', $user->lang['POST_EDIT_PM']), + 'EDIT_IMG' => $user->img('btn_edit', $user->lang['POST_EDIT_PM']), 'MINI_POST_IMG' => $user->img('icon_post', $user->lang['PM']), - 'SENT_DATE' => $user->format_date($message_row['message_time']), + 'SENT_DATE' => $user->format_date($message_row['message_time']), 'SUBJECT' => $message_row['message_subject'], - 'MESSAGE' => $message, - 'SIGNATURE' => ($message_row['enable_sig']) ? $signature : '', + 'MESSAGE' => $message, + 'SIGNATURE' => ($message_row['enable_sig']) ? $signature : '', 'EDITED_MESSAGE' => $l_edited_by, 'U_INFO' => ($auth->acl_get('m_info') && $message_row['forwarded']) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'mode=pm_details&p=' . $message_row['msg_id'], true, $user->session_id) : '', - 'U_DELETE' => ($auth->acl_get('u_pm_delete')) ? "$url&mode=compose&action=delete&f=$folder_id&p=" . $message_row['msg_id'] : '', + 'U_DELETE' => ($auth->acl_get('u_pm_delete')) ? "$url&mode=compose&action=delete&f=$folder_id&p=" . $message_row['msg_id'] : '', 'U_AUTHOR_PROFILE' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $author_id), - 'U_EMAIL' => $user_info['email'], - 'U_QUOTE' => ($auth->acl_get('u_sendpm')) ? 
"$url&mode=compose&action=quote&f=$folder_id&p=" . $message_row['msg_id'] : '', - 'U_EDIT' => (($message_row['message_time'] > time() - $config['pm_edit_time'] || !$config['pm_edit_time']) && $folder_id == PRIVMSGS_OUTBOX && $auth->acl_get('u_pm_edit')) ? "$url&mode=compose&action=edit&f=$folder_id&p=" . $message_row['msg_id'] : '', - 'U_POST_REPLY_PM' => ($auth->acl_get('u_sendpm')) ? "$url&mode=compose&action=reply&f=$folder_id&p=" . $message_row['msg_id'] : '', + 'U_EMAIL' => $user_info['email'], + 'U_QUOTE' => ($auth->acl_get('u_sendpm')) ? "$url&mode=compose&action=quote&f=$folder_id&p=" . $message_row['msg_id'] : '', + 'U_EDIT' => (($message_row['message_time'] > time() - $config['pm_edit_time'] || !$config['pm_edit_time']) && $folder_id == PRIVMSGS_OUTBOX && $auth->acl_get('u_pm_edit')) ? "$url&mode=compose&action=edit&f=$folder_id&p=" . $message_row['msg_id'] : '', + 'U_POST_REPLY_PM' => ($auth->acl_get('u_sendpm')) ? "$url&mode=compose&action=reply&f=$folder_id&p=" . $message_row['msg_id'] : '', 'U_PREVIOUS_PM' => "$url&f=$folder_id&p=" . $message_row['msg_id'] . "&view=previous", 'U_NEXT_PM' => "$url&f=$folder_id&p=" . $message_row['msg_id'] . "&view=next", - 'S_HAS_ATTACHMENTS' => (sizeof($attachments)) ? true : false, + 'S_HAS_ATTACHMENTS' => (sizeof($attachments)) ? true : false, 'S_DISPLAY_NOTICE' => $display_notice && $message_row['message_attachment'], 'U_PRINT_PM' => ($config['print_pm'] && $auth->acl_get('u_pm_printpm')) ? "$url&f=$folder_id&p=" . $message_row['msg_id'] . "&view=print" : '', @@ -253,9 +255,11 @@ function message_history($msg_id, $user_id, $message_row, $folder) $sql .= ($sort_dir == 'd') ? 'ASC' : 'DESC'; $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); - if (!($row = $db->sql_fetchrow($result))) + if (!$row) { + $db->sql_freeresult($result); return false; } 
@@ -291,11 +295,11 @@ function message_history($msg_id, $user_id, $message_row, $folder) } // Instantiate BBCode class - if (!isset($bbcode) && $bbcode_bitfield) + if ((empty($bbcode) || $bbcode === false) && $bbcode_bitfield) { if (!class_exists('bbcode')) { - include($phpbb_root_path . 'includes/bbcode.'.$phpEx); + include($phpbb_root_path . 'includes/bbcode.' . $phpEx); } $bbcode = new bbcode($bbcode_bitfield); } @@ -332,10 +336,10 @@ function message_history($msg_id, $user_id, $message_row, $folder) } $template->assign_block_vars('history_row', array( - 'AUTHOR_NAME' => $author, - 'SUBJECT' => $subject, - 'SENT_DATE' => $user->format_date($row['message_time']), - 'MESSAGE' => str_replace("\n", '<br />', $message), + 'AUTHOR_NAME' => $author, + 'SUBJECT' => $subject, + 'SENT_DATE' => $user->format_date($row['message_time']), + 'MESSAGE' => str_replace("\n", '<br />', $message), 'FOLDER' => implode(', ', $row['folder']), 'S_CURRENT_MSG' => ($row['msg_id'] == $msg_id), @@ -351,7 +355,7 @@ function message_history($msg_id, $user_id, $message_row, $folder) } $template->assign_vars(array( - 'QUOTE_IMG' => $user->img('btn_quote', $user->lang['REPLY_WITH_QUOTE']), + 'QUOTE_IMG' => $user->img('btn_quote', $user->lang['REPLY_WITH_QUOTE']), 'TITLE' => $title, 'U_VIEW_NEXT_HISTORY' => "$url&p=" . (($next_history_pm) ? $next_history_pm : $msg_id), @@ -396,9 +400,11 @@ function get_user_informations($user_id, $user_row) WHERE session_user_id = $user_id GROUP BY session_user_id"; $result = $db->sql_query_limit($sql, 1); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); $update_time = $config['load_online_time'] * 60; - if ($row = $db->sql_fetchrow($result)) + if ($row) { $user_row['online'] = (time() - $update_time < $row['online_time'] && ($row['viewonline'] && $user_row['user_allow_viewonline'])) ? true : false; } 
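Review bot: The session lookup in get_user_informations() (hunk `@@ -396,9 +400,11 @@`) still builds its condition as `WHERE session_user_id = $user_id`, with the parameter interpolated straight into the SQL string. Nothing visible in the hunk casts `$user_id`, so the query is only safe if every caller passes an integer. Adding `$user_id = (int) $user_id;` before the query is built removes that dependency on the callers. The function starts and ends outside the hunk, so an earlier cast may exist that is not shown here.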
@@ -415,10 +421,11 @@ function get_user_informations($user_id, $user_row) { case AVATAR_UPLOAD: $avatar_img = $config['avatar_path'] . '/'; - break; + break; + case AVATAR_GALLERY: $avatar_img = $config['avatar_gallery_path'] . '/'; - break; + break; } $avatar_img .= $user_row['user_avatar']; @@ -426,7 +433,7 @@ function get_user_informations($user_id, $user_row) } $user_row['rank_title'] = $user_row['rank_image'] = ''; - + if (!empty($user_row['user_rank'])) { $user_row['rank_title'] = (isset($ranks['special'][$user_row['user_rank']])) ? $ranks['special'][$user_row['user_rank']]['rank_title'] : ''; diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php index 9882d9c223..a8ca9ad844 100644 --- a/phpBB/includes/ucp/ucp_prefs.php +++ b/phpBB/includes/ucp/ucp_prefs.php @@ -29,6 +29,14 @@ class ucp_prefs { case 'personal': + $data = array( + 'notifymethod' => $user->data['user_notify_type'], + 'dateformat' => $user->data['user_dateformat'], + 'lang' => $user->data['user_lang'], + 'style' => $user->data['user_style'], + 'tz' => $user->data['user_timezone'], + ); + if ($submit) { $var_ary = array( 
@@ -58,27 +66,25 @@ class ucp_prefs ); $error = validate_data($data, $var_ary); - extract($data); - unset($data); if (!sizeof($error)) { - $user->optionset('popuppm', $popuppm); + $user->optionset('popuppm', $data['popuppm']); $sql_ary = array( - 'user_allow_pm' => $allowpm, - 'user_allow_viewemail' => $viewemail, - 'user_allow_massemail' => $massemail, - 'user_allow_viewonline' => ($auth->acl_get('u_hideonline')) ? !$hideonline : $user->data['user_allow_viewonline'], - 'user_notify_type' => $notifymethod, - 'user_notify_pm' => $notifypm, + 'user_allow_pm' => $data['allowpm'], + 'user_allow_viewemail' => $data['viewemail'], + 'user_allow_massemail' => $data['massemail'], + 'user_allow_viewonline' => ($auth->acl_get('u_hideonline')) ? !$data['hideonline'] : $user->data['user_allow_viewonline'], + 'user_notify_type' => $data['notifymethod'], + 'user_notify_pm' => $data['notifypm'], 'user_options' => $user->data['user_options'], - 'user_dst' => $dst, - 'user_dateformat' => $dateformat, - 'user_lang' => $lang, - 'user_timezone' => $tz, - 'user_style' => $style, + 'user_dst' => $data['dst'], + 'user_dateformat' => $data['dateformat'], + 'user_lang' => $data['lang'], + 'user_timezone' => $data['tz'], + 'user_style' => $data['style'], ); $sql = 'UPDATE ' . USERS_TABLE . ' 
@@ -95,39 +101,11 @@ class ucp_prefs $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error); } - $viewemail = (isset($viewemail)) ? $viewemail : $user->data['user_allow_viewemail']; - $view_email_yes = ($viewemail) ? ' checked="checked"' : ''; - $view_email_no = (!$viewemail) ? ' checked="checked"' : ''; - $massemail = (isset($massemail)) ? $massemail : $user->data['user_allow_massemail']; - $mass_email_yes = ($massemail) ? ' checked="checked"' : ''; - $mass_email_no = (!$massemail) ? ' checked="checked"' : ''; - $allowpm = (isset($allowpm)) ? $allowpm : $user->data['user_allow_pm']; - $allow_pm_yes = ($allowpm) ? ' checked="checked"' : ''; - $allow_pm_no = (!$allowpm) ? ' checked="checked"' : ''; - $hideonline = (isset($hideonline)) ? $hideonline : !$user->data['user_allow_viewonline']; - $hide_online_yes = ($hideonline) ? ' checked="checked"' : ''; - $hide_online_no = (!$hideonline) ? ' checked="checked"' : ''; - $notifypm = (isset($notifypm)) ? $notifypm : $user->data['user_notify_pm']; - $notify_pm_yes = ($notifypm) ? ' checked="checked"' : ''; - $notify_pm_no = (!$notifypm) ? ' checked="checked"' : ''; - $popuppm = (isset($popuppm)) ? $popuppm : $user->optionget('popuppm'); - $popup_pm_yes = ($popuppm) ? ' checked="checked"' : ''; - $popup_pm_no = (!$popuppm) ? ' checked="checked"' : ''; - $dst = (isset($dst)) ? $dst : $user->data['user_dst']; - $dst_yes = ($dst) ? ' checked="checked"' : ''; - $dst_no = (!$dst) ? ' checked="checked"' : ''; - - $notifymethod = (isset($notifymethod)) ? $notifymethod : $user->data['user_notify_type']; - $dateformat = (isset($dateformat)) ? $dateformat : $user->data['user_dateformat']; - $lang = (isset($lang)) ? $lang : $user->data['user_lang']; - $style = (isset($style)) ? $style : $user->data['user_style']; - $tz = (isset($tz)) ? 
$tz : $user->data['user_timezone']; - $dateformat_options = ''; foreach ($user->lang['dateformats'] as $format => $null) { - $dateformat_options .= '<option value="' . $format . '"' . (($format == $dateformat) ? ' selected="selected"' : '') . '>'; + $dateformat_options .= '<option value="' . $format . '"' . (($format == $data['dateformat']) ? ' selected="selected"' : '') . '>'; $dateformat_options .= $user->format_date(time(), $format, true) . ((strpos($format, '|') !== false) ? ' [' . $user->lang['RELATIVE_DAYS'] . ']' : ''); $dateformat_options .= '</option>'; } @@ -135,7 +113,7 @@ class ucp_prefs $s_custom = false; $dateformat_options .= '<option value="custom"'; - if (!in_array($dateformat, array_keys($user->lang['dateformats']))) + if (!in_array($data['dateformat'], array_keys($user->lang['dateformats']))) { $dateformat_options .= ' selected="selected"'; $s_custom = true; 
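Review bot: The `preg_replace('#^([A-Z_]+)$#e', ...)` call kept as context at the top of the `@@ -95,39 +101,11 @@` hunk still uses the `e` modifier, which runs the replacement string as PHP code for every match. The `[A-Z_]+` capture limits the evaluated text to language-key characters, but the safety of the call rests entirely on that pattern staying this tight. A plain loop does the equivalent lookup without evaluating anything: `foreach ($error as $i => $key) { $error[$i] = (!empty($user->lang[$key])) ? $user->lang[$key] : $key; }`. The same call is kept in the `'view'` case at `@@ -251,15 +224,6 @@`, while this commit already drops it from the `'post'` case.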
@@ -145,58 +123,54 @@ class ucp_prefs $template->assign_vars(array( 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '', - 'VIEW_EMAIL_YES' => $view_email_yes, - 'VIEW_EMAIL_NO' => $view_email_no, - 'ADMIN_EMAIL_YES' => $mass_email_yes, - 'ADMIN_EMAIL_NO' => $mass_email_no, - 'HIDE_ONLINE_YES' => $hide_online_yes, - 'HIDE_ONLINE_NO' => $hide_online_no, - 'ALLOW_PM_YES' => $allow_pm_yes, - 'ALLOW_PM_NO' => $allow_pm_no, - 'NOTIFY_PM_YES' => $notify_pm_yes, - 'NOTIFY_PM_NO' => $notify_pm_no, - 'POPUP_PM_YES' => $popup_pm_yes, - 'POPUP_PM_NO' => $popup_pm_no, - 'DST_YES' => $dst_yes, - 'DST_NO' => $dst_no, - 'NOTIFY_EMAIL' => ($notifymethod == NOTIFY_EMAIL) ? 'checked="checked"' : '', - 'NOTIFY_IM' => ($notifymethod == NOTIFY_IM) ? 'checked="checked"' : '', - 'NOTIFY_BOTH' => ($notifymethod == NOTIFY_BOTH) ? 'checked="checked"' : '', - - 'DATE_FORMAT' => $dateformat, + 'S_NOTIFY_EMAIL' => ($data['notifymethod'] == NOTIFY_EMAIL) ? true : false, + 'S_NOTIFY_IM' => ($data['notifymethod'] == NOTIFY_IM) ? true : false, + 'S_NOTIFY_BOTH' => ($data['notifymethod'] == NOTIFY_BOTH) ? true : false, + 'S_VIEW_EMAIL' => (isset($data['viewemail'])) ? $data['viewemail'] : $user->data['user_allow_viewemail'], + 'S_MASS_EMAIL' => (isset($data['massemail'])) ? $data['massemail'] : $user->data['user_allow_massemail'], + 'S_ALLOW_PM' => (isset($data['allowpm'])) ? $data['allowpm'] : $user->data['user_allow_pm'], + 'S_HIDE_ONLINE' => (isset($data['hideonline'])) ? $data['hideonline'] : !$user->data['user_allow_viewonline'], + 'S_NOTIFY_PM' => (isset($data['notifypm'])) ? $data['notifypm'] : $user->data['user_notify_pm'], + 'S_POPUP_PM' => (isset($data['popuppm'])) ? $data['popuppm'] : $user->optionget('popuppm'), + 'S_DST' => (isset($data['dst'])) ? 
$data['dst'] : $user->data['user_dst'], + + 'DATE_FORMAT' => $data['dateformat'], 'S_DATEFORMAT_OPTIONS' => $dateformat_options, 'S_CUSTOM_DATEFORMAT' => $s_custom, 'DEFAULT_DATEFORMAT' => $config['default_dateformat'], 'A_DEFAULT_DATEFORMAT' => addslashes($config['default_dateformat']), - 'S_LANG_OPTIONS' => language_select($lang), - 'S_STYLE_OPTIONS' => style_select($style), - 'S_TZ_OPTIONS' => tz_select($tz), - 'S_CAN_HIDE_ONLINE' => true, + 'S_LANG_OPTIONS' => language_select($data['lang']), + 'S_STYLE_OPTIONS' => style_select($data['style']), + 'S_TZ_OPTIONS' => tz_select($data['tz']), + 'S_CAN_HIDE_ONLINE' => ($auth->acl_get('u_hideonline')) ? true : false, 'S_SELECT_NOTIFY' => ($config['jab_enable'] && $user->data['user_jabber'] && @extension_loaded('xml')) ? true : false) ); - break; + + break; case 'view': - if ($submit) - { - $var_ary = array( - 'topic_sk' => (string) 't', - 'topic_sd' => (string) 'd', - 'topic_st' => 0, + $data = array( + 'topic_sk' => (!empty($user->data['user_topic_sortby_type'])) ? $user->data['user_topic_sortby_type'] : 't', + 'topic_sd' => (!empty($user->data['user_topic_sortby_dir'])) ? $user->data['user_topic_sortby_dir'] : 'd', + 'topic_st' => (!empty($user->data['user_topic_show_days'])) ? $user->data['user_topic_show_days'] : 0, - 'post_sk' => (string) 't', - 'post_sd' => (string) 'a', - 'post_st' => 0, + 'post_sk' => (!empty($user->data['user_post_sortby_type'])) ? $user->data['user_post_sortby_type'] : 't', + 'post_sd' => (!empty($user->data['user_post_sortby_dir'])) ? $user->data['user_post_sortby_dir'] : 'a', + 'post_st' => (!empty($user->data['user_post_show_days'])) ? $user->data['user_post_show_days'] : 0, + ); + if ($submit) + { + $var_ary = array_merge($data, array( 'images' => true, 'flash' => false, 'smilies' => true, 'sigs' => true, 'avatars' => true, 'wordcensor'=> false, - ); + )); foreach ($var_ary as $var => $default) { 
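Review bot: In the `'view'` case the defaults handed to `request_var()` now come from `$user->data` through `array_merge($data, ...)` instead of the fixed literals `'t'`, `'d'` and `0`. If `request_var()` casts the submitted value to the type of its default, as the removed `(string) 't'` defaults suggest, then `topic_st` and `post_st` are forced to integers only when the database layer returns those columns as PHP integers. Casting where `$data` is built keeps the type fixed, e.g. `'topic_st' => (!empty($user->data['user_topic_show_days'])) ? (int) $user->data['user_topic_show_days'] : 0,` and the same for `post_st`. The `'post'` case at `@@ -347,75 +286,52 @@` has the same pattern with `$var_ary = $data;`, where `notify` previously defaulted to the literal `false`.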
@@ -211,30 +185,29 @@ class ucp_prefs ); $error = validate_data($data, $var_ary); - extract($data); - unset($data); if (!sizeof($error)) { - $user->optionset('viewimg', $images); - $user->optionset('viewflash', $flash); - $user->optionset('viewsmilies', $smilies); - $user->optionset('viewsigs', $sigs); - $user->optionset('viewavatars', $avatars); + $user->optionset('viewimg', $data['images']); + $user->optionset('viewflash', $data['flash']); + $user->optionset('viewsmilies', $data['smilies']); + $user->optionset('viewsigs', $data['sigs']); + $user->optionset('viewavatars', $data['avatars']); + if ($auth->acl_get('u_chgcensors')) { - $user->optionset('viewcensors', $wordcensor); + $user->optionset('viewcensors', $data['wordcensor']); } $sql_ary = array( - 'user_options' => $user->data['user_options'], - 'user_topic_sortby_type'=> $topic_sk, - 'user_post_sortby_type' => $post_sk, - 'user_topic_sortby_dir' => $topic_sd, - 'user_post_sortby_dir' => $post_sd, - - 'user_topic_show_days' => $topic_st, - 'user_post_show_days' => $post_st, + 'user_options' => $user->data['user_options'], + 'user_topic_sortby_type' => $data['topic_sk'], + 'user_post_sortby_type' => $data['post_sk'], + 'user_topic_sortby_dir' => $data['topic_sd'], + 'user_post_sortby_dir' => $data['post_sd'], + + 'user_topic_show_days' => $data['topic_st'], + 'user_post_show_days' => $data['post_st'], ); $sql = 'UPDATE ' . USERS_TABLE . ' 
@@ -251,15 +224,6 @@ class ucp_prefs $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error); } - $topic_sk = (isset($topic_sk)) ? $topic_sk : ((!empty($user->data['user_topic_sortby_type'])) ? $user->data['user_topic_sortby_type'] : 't'); - $post_sk = (isset($post_sk)) ? $post_sk : ((!empty($user->data['user_post_sortby_type'])) ? $user->data['user_post_sortby_type'] : 't'); - - $topic_sd = (isset($topic_sd)) ? $topic_sd : ((!empty($user->data['user_topic_sortby_dir'])) ? $user->data['user_topic_sortby_dir'] : 'd'); - $post_sd = (isset($post_sd)) ? $post_sd : ((!empty($user->data['user_post_sortby_dir'])) ? $user->data['user_post_sortby_dir'] : 'd'); - - $topic_st = (isset($topic_st)) ? $topic_st : ((!empty($user->data['user_topic_show_days'])) ? $user->data['user_topic_show_days'] : 0); - $post_st = (isset($post_st)) ? $post_st : ((!empty($user->data['user_post_show_days'])) ? $user->data['user_post_show_days'] : 0); - $sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']); // Topic ordering options @@ -280,7 +244,7 @@ class ucp_prefs ${'s_limit_' . $sort_option . '_days'} = '<select name="' . $sort_option . '_st">'; foreach (${'limit_' . $sort_option . '_days'} as $day => $text) { - $selected = (${$sort_option . '_st'} == $day) ? ' selected="selected"' : ''; + $selected = ($data[$sort_option . '_st'] == $day) ? ' selected="selected"' : ''; ${'s_limit_' . $sort_option . '_days'} .= '<option value="' . $day . '"' . $selected . '>' . $text . '</option>'; } ${'s_limit_' . $sort_option . '_days'} .= '</select>'; 
@@ -288,7 +252,7 @@ class ucp_prefs ${'s_sort_' . $sort_option . '_key'} = '<select name="' . $sort_option . '_sk">'; foreach (${'sort_by_' . $sort_option . '_text'} as $key => $text) { - $selected = (${$sort_option . '_sk'} == $key) ? ' selected="selected"' : ''; + $selected = ($data[$sort_option . '_sk'] == $key) ? ' selected="selected"' : ''; ${'s_sort_' . $sort_option . '_key'} .= '<option value="' . $key . '"' . $selected . '>' . $text . '</option>'; } ${'s_sort_' . $sort_option . '_key'} .= '</select>'; 
@@ -296,46 +260,21 @@ class ucp_prefs ${'s_sort_' . $sort_option . '_dir'} = '<select name="' . $sort_option . '_sd">'; foreach ($sort_dir_text as $key => $value) { - $selected = (${$sort_option . '_sd'} == $key) ? ' selected="selected"' : ''; + $selected = ($data[$sort_option . '_sd'] == $key) ? ' selected="selected"' : ''; ${'s_sort_' . $sort_option . '_dir'} .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>'; } ${'s_sort_' . $sort_option . '_dir'} .= '</select>'; } - $images = (isset($images)) ? $images : $user->optionget('viewimg'); - $images_yes = ($images) ? ' checked="checked"' : ''; - $images_no = (!$images) ? ' checked="checked"' : ''; - $flash = (isset($flash)) ? $flash : $user->optionget('viewflash'); - $flash_yes = ($flash) ? ' checked="checked"' : ''; - $flash_no = (!$flash) ? ' checked="checked"' : ''; - $smilies = (isset($smilies)) ? $smilies : $user->optionget('viewsmilies'); - $smilies_yes = ($smilies) ? ' checked="checked"' : ''; - $smilies_no = (!$smilies) ? ' checked="checked"' : ''; - $sigs = (isset($sigs)) ? $sigs : $user->optionget('viewsigs'); - $sigs_yes = ($sigs) ? ' checked="checked"' : ''; - $sigs_no = (!$sigs) ? ' checked="checked"' : ''; - $avatars = (isset($avatars)) ? $avatars : $user->optionget('viewavatars'); - $avatars_yes = ($avatars) ? ' checked="checked"' : ''; - $avatars_no = (!$avatars) ? ' checked="checked"' : ''; - $wordcensor = (isset($wordcensor)) ? $wordcensor : $user->optionget('viewcensors'); - $wordcensor_yes = ($wordcensor) ? ' checked="checked"' : ''; - $wordcensor_no = (!$wordcensor) ? ' checked="checked"' : ''; - $template->assign_vars(array( 'ERROR' => (sizeof($error)) ? 
implode('<br />', $error) : '', - 'VIEW_IMAGES_YES' => $images_yes, - 'VIEW_IMAGES_NO' => $images_no, - 'VIEW_FLASH_YES' => $flash_yes, - 'VIEW_FLASH_NO' => $flash_no, - 'VIEW_SMILIES_YES' => $smilies_yes, - 'VIEW_SMILIES_NO' => $smilies_no, - 'VIEW_SIGS_YES' => $sigs_yes, - 'VIEW_SIGS_NO' => $sigs_no, - 'VIEW_AVATARS_YES' => $avatars_yes, - 'VIEW_AVATARS_NO' => $avatars_no, - 'DISABLE_CENSORS_YES' => $wordcensor_yes, - 'DISABLE_CENSORS_NO' => $wordcensor_no, + 'S_IMAGES' => (isset($data['images'])) ? $data['images'] : $user->optionget('viewimg'), + 'S_FLASH' => (isset($data['flash'])) ? $data['flash'] : $user->optionget('viewflash'), + 'S_SMILIES' => (isset($data['smilies'])) ? $data['smilies'] : $user->optionget('viewsmilies'), + 'S_SIGS' => (isset($data['sigs'])) ? $data['sigs'] : $user->optionget('viewsigs'), + 'S_AVATARS' => (isset($data['avatars'])) ? $data['avatars'] : $user->optionget('viewavatars'), + 'S_DISABLE_CENSORS' => (isset($data['wordcensor'])) ? $data['wordcensor'] : $user->optionget('viewcensors'), 'S_CHANGE_CENSORS' => ($auth->acl_get('u_chgcensors')) ? true : false, 
@@ -347,75 +286,52 @@ class ucp_prefs 'S_POST_SORT_DIR' => $s_sort_post_dir) ); - break; + break; case 'post': + $data = array( + 'bbcode' => $user->optionget('bbcode'), + 'smilies' => $user->optionget('smilies'), + 'sig' => $user->optionget('attachsig'), + 'notify' => $user->data['user_notify'], + ); + if ($submit) { - $var_ary = array( - 'bbcode' => true, - 'smilies' => true, - 'sig' => true, - 'notify' => false, - ); + $var_ary = $data; foreach ($var_ary as $var => $default) { - $$var = request_var($var, $default); + $data[$var] = request_var($var, $default); } - $user->optionset('bbcode', $bbcode); - $user->optionset('smilies', $smilies); - $user->optionset('attachsig', $sig); + $user->optionset('bbcode', $data['bbcode']); + $user->optionset('smilies', $data['smilies']); + $user->optionset('attachsig', $data['sig']); - if (!sizeof($error)) - { - $sql_ary = array( - 'user_options' => $user->data['user_options'], - 'user_notify' => $notify, - ); - - $sql = 'UPDATE ' . USERS_TABLE . ' - SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' - WHERE user_id = ' . $user->data['user_id']; - $db->sql_query($sql); + $sql_ary = array( + 'user_options' => $user->data['user_options'], + 'user_notify' => $data['notify'], + ); - meta_refresh(3, $this->u_action); - $message = $user->lang['PREFERENCES_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>'); - trigger_error($message); - } + $sql = 'UPDATE ' . USERS_TABLE . ' + SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' + WHERE user_id = ' . $user->data['user_id']; + $db->sql_query($sql); - // Replace "error" strings with their real, localised form - $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error); + meta_refresh(3, $this->u_action); + $message = $user->lang['PREFERENCES_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . 
'">', '</a>'); + trigger_error($message); } - $bbcode = (isset($bbcode)) ? $bbcode : $user->optionget('bbcode'); - $bbcode_yes = ($bbcode) ? ' checked="checked"' : ''; - $bbcode_no = (!$bbcode) ? ' checked="checked"' : ''; - $smilies = (isset($smilies)) ? $smilies : $user->optionget('smilies'); - $smilies_yes = ($smilies) ? ' checked="checked"' : ''; - $smilies_no = (!$smilies) ? ' checked="checked"' : ''; - $sig = (isset($sig)) ? $sig : $user->optionget('attachsig'); - $sig_yes = ($sig) ? ' checked="checked"' : ''; - $sig_no = (!$sig) ? ' checked="checked"' : ''; - $notify = (isset($notify)) ? $notify : $user->data['user_notify']; - $notify_yes = ($notify) ? ' checked="checked"' : ''; - $notify_no = (!$notify) ? ' checked="checked"' : ''; - $template->assign_vars(array( - 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '', - - 'DEFAULT_BBCODE_YES' => $bbcode_yes, - 'DEFAULT_BBCODE_NO' => $bbcode_no, - 'DEFAULT_SMILIES_YES' => $smilies_yes, - 'DEFAULT_SMILIES_NO' => $smilies_no, - 'DEFAULT_SIG_YES' => $sig_yes, - 'DEFAULT_SIG_NO' => $sig_no, - 'DEFAULT_NOTIFY_YES' => $notify_yes, - 'DEFAULT_NOTIFY_NO' => $notify_no,) + 'S_BBCODE' => $data['bbcode'], + 'S_SMILIES' => $data['smilies'], + 'S_SIG' => $data['sig'], + 'S_NOTIFY' => $data['notify']) ); - break; + break; } $template->assign_vars(array( diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index 7f593a26a5..ef39ba81a3 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php 
@@ -220,7 +220,7 @@ class ucp_profile 'L_USERNAME_EXPLAIN' => sprintf($user->lang[$user_char_ary[str_replace('\\\\', '\\', $config['allow_name_chars'])] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']), 'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($user->lang['CHANGE_PASSWORD_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']), - 'S_FORCE_PASSWORD' => ($config['chg_passforce'] && $this->data['user_passchg'] < time() - $config['chg_passforce']) ? true : false, + 'S_FORCE_PASSWORD' => ($config['chg_passforce'] && $user->data['user_passchg'] < time() - $config['chg_passforce']) ? true : false, 'S_CHANGE_USERNAME' => ($config['allow_namechange'] && $auth->acl_get('u_chgname')) ? true : false, 'S_CHANGE_EMAIL' => ($auth->acl_get('u_chgemail')) ? true : false, 'S_CHANGE_PASSWORD' => ($auth->acl_get('u_chgpasswd')) ? true : false) diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 928882e02f..7a55b3495b 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -24,16 +24,16 @@ class ucp_register // if ($config['require_activation'] == USER_ACTIVATION_DISABLE) { - trigger_error($user->lang['UCP_REGISTER_DISABLE']); + trigger_error('UCP_REGISTER_DISABLE'); } include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx); - $confirm_id = request_var('confirm_id', ''); - $coppa = (isset($_REQUEST['coppa'])) ? ((!empty($_REQUEST['coppa'])) ? 1 : 0) : false; - $agreed = (!empty($_POST['agreed'])) ? 1 : 0; - $submit = (isset($_POST['submit'])) ? true : false; - $change_lang = request_var('change_lang', ''); + $confirm_id = request_var('confirm_id', ''); + $coppa = (isset($_REQUEST['coppa'])) ? ((!empty($_REQUEST['coppa'])) ? 1 : 0) : false; + $agreed = (!empty($_POST['agreed'])) ? 1 : 0; + $submit = (isset($_POST['submit'])) ? true : false; + $change_lang = request_var('change_lang', ''); if ($change_lang) { 
@@ -155,8 +155,10 @@ class ucp_register AND session_id = '" . $db->sql_escape($user->session_id) . "' AND confirm_type = " . CONFIRM_REG; $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); - if ($row = $db->sql_fetchrow($result)) + if ($row) { if (strcasecmp($row['code'], $confirm_code) === 0) { @@ -177,7 +179,6 @@ class ucp_register $error[] = $user->lang['CONFIRM_CODE_WRONG']; $wrong_confirm = true; } - $db->sql_freeresult($result); } } @@ -193,7 +194,7 @@ class ucp_register $error[] = $user->lang['NEW_EMAIL_ERROR']; } } - + if (!sizeof($error)) { $server_url = generate_board_url(); @@ -208,12 +209,13 @@ class ucp_register WHERE group_name = '" . $db->sql_escape($group_name) . "' AND group_type = " . GROUP_SPECIAL; $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); - if (!($row = $db->sql_fetchrow($result))) + if (!$row) { - trigger_error($user->lang['NO_GROUP']); + trigger_error('NO_GROUP'); } - $db->sql_freeresult($result); $group_id = $row['group_id']; @@ -223,7 +225,7 @@ class ucp_register { $user_actkey = gen_rand_string(10); $key_len = 54 - (strlen($server_url)); - $key_len = ($key_len > 6) ? $key_len : 6; + $key_len = ($key_len < 6) ? 6 : $key_len; $user_actkey = substr($user_actkey, 0, $key_len); $user_type = USER_INACTIVE; } 
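Review bot: The activation key in the `@@ -223,7 +225,7 @@` hunk is still cut to `54 - strlen($server_url)` characters with a floor of 6, so the key length depends on how long the board URL is. The rewritten ternary is equivalent to the old one: once the URL is longer than 44 characters the value requested from `gen_rand_string(10)` is shortened, down to 6 characters at worst. If the 54-character budget only exists to keep the activation link short in e-mail, consider keeping the full key by dropping the `substr()` call. How `gen_rand_string()` draws its randomness is not visible here and is worth confirming, since this key is what authorises account activation.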
@@ -233,80 +235,21 @@ class ucp_register $user_actkey = ''; } - // Begin transaction ... should this screw up we can rollback - $db->sql_transaction('begin'); - - $sql_ary = array( - 'username' => $username, - 'user_permissions' => '', - 'user_password' => md5($new_password), - 'user_email' => $email, - 'user_email_hash' => (int) crc32(strtolower($email)) . strlen($email), - 'group_id' => (int) $group_id, - 'user_timezone' => (float) $tz, - 'user_dateformat' => $config['default_dateformat'], - 'user_lang' => $lang, - 'user_style' => $config['default_style'], - 'user_allow_pm' => 1, - 'user_type' => $user_type, - 'user_actkey' => $user_actkey, - 'user_ip' => $user->ip, - 'user_regdate' => time(), - - 'user_lastmark' => time(), - 'user_lastvisit' => 0, - 'user_lastpost_time' => 0, - 'user_lastpage' => '', - 'user_posts' => 0, - 'user_dst' => 0, - 'user_colour' => '', - 'user_avatar' => '', - 'user_avatar_type' => 0, - 'user_avatar_width' => 0, - 'user_avatar_height' => 0, - 'user_new_privmsg' => 0, - 'user_unread_privmsg' => 0, - 'user_last_privmsg' => 0, - 'user_message_rules' => 0, - 'user_full_folder' => PRIVMSGS_NO_BOX, - 'user_emailtime' => 0, - - 'user_notify' => 0, - 'user_notify_pm' => 1, - 'user_notify_type' => NOTIFY_EMAIL, - 'user_allow_pm' => 1, - 'user_allow_email' => 1, - 'user_allow_viewonline' => 1, - 'user_allow_viewemail' => 1, - 'user_allow_massemail' => 1, - - 'user_sig' => '', - 'user_sig_bbcode_uid' => '', - 'user_sig_bbcode_bitfield' => 0, - ); - - $sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); - $db->sql_query($sql); - - $user_id = $db->sql_nextid(); - - // Insert Custom Profile Fields - if (sizeof($cp_data)) - { - $cp_data['user_id'] = (int) $user_id; - $sql = 'INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' ' . 
$db->sql_build_array('INSERT', $cp->build_insert_sql_array($cp_data)); - $db->sql_query($sql); - } - - // Place into appropriate group, either REGISTERED(_COPPA) or INACTIVE(_COPPA) depending on config - $sql = 'INSERT INTO ' . USER_GROUP_TABLE . ' ' . $db->sql_build_array('INSERT', array( - 'user_id' => (int) $user_id, + $user_row = array( + 'username' => $username, + 'user_password' => md5($new_password), + 'user_email' => $email, 'group_id' => (int) $group_id, - 'user_pending' => 0) + 'user_timezone' => (float) $tz, + 'user_lang' => $lang, + 'user_type' => $user_type, + 'user_actkey' => $user_actkey, + 'user_ip' => $user->ip, + 'user_regdate' => time(), ); - $db->sql_query($sql); - $db->sql_transaction('commit'); + // Register user... + $user_id = user_add($user_row, $cp_data); if ($coppa && $config['email_enable']) { @@ -331,7 +274,7 @@ class ucp_register if ($config['email_enable']) { - include_once($phpbb_root_path . 'includes/functions_messenger.'.$phpEx); + include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); $messenger = new messenger(false); @@ -360,7 +303,7 @@ class ucp_register $messenger->assign_vars(array( 'FAX_INFO' => $config['coppa_fax'], 'MAIL_INFO' => $config['coppa_mail'], - 'EMAIL_ADDRESS' => $email, + 'EMAIL_ADDRESS' => $email, 'SITENAME' => $config['sitename']) ); } @@ -369,8 +312,7 @@ class ucp_register if ($config['require_activation'] == USER_ACTIVATION_ADMIN) { - // Grab an array of user_id's with a_user permissions ... these users - // can activate a user + // Grab an array of user_id's with a_user permissions ... these users can activate a user $admin_ary = $auth->acl_get_list(false, 'a_user', false); $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type 
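Review bot: The new `$user_row` array in the `@@ -233,80 +235,21 @@` hunk still stores the password as `md5($new_password)`, an unsalted fast hash, so a leaked users table is open to precomputed tables and high-speed guessing. Since account creation now goes through `user_add()`, hashing could live in one helper shared with the login check, which would let the algorithm be replaced in a single place. Where the PHP version allows it the line becomes `'user_password' => password_hash($new_password, PASSWORD_DEFAULT),` with the login path switched to `password_verify()`; that login code is outside this diff section. The hunk also removes the explicit `sql_transaction('begin')` / `sql_transaction('commit')` pair, so `user_add()` has to wrap its inserts itself, and its body is not visible here.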
@@ -412,12 +354,13 @@ class ucp_register } $s_hidden_fields = build_hidden_fields(array( - 'agreed' => 'true', - 'coppa' => $coppa, + 'agreed' => 'true', + 'coppa' => $coppa, 'change_lang' => 0) ); $confirm_image = ''; + // Visual Confirmation - Show images if ($config['enable_confirm']) { @@ -448,16 +391,14 @@ class ucp_register WHERE session_id = '" . $db->sql_escape($user->session_id) . "' AND confirm_type = " . CONFIRM_REG; $result = $db->sql_query($sql); + $attempts = (int) $db->sql_fetchfield('attempts'); + $db->sql_freeresult($result); - if ($row = $db->sql_fetchrow($result)) + if ($config['max_reg_attempts'] && $attempts > $config['max_reg_attempts']) { - if ($config['max_reg_attempts'] && $row['attempts'] >= $config['max_reg_attempts']) - { - trigger_error($user->lang['TOO_MANY_REGISTERS']); - } + trigger_error($user->lang['TOO_MANY_REGISTERS']); } - $db->sql_freeresult($result); - + $code = gen_rand_string(mt_rand(5, 8)); $confirm_id = md5(unique_id($user->ip)); @@ -480,11 +421,11 @@ class ucp_register { case USER_ACTIVATION_SELF: $l_reg_cond = $user->lang['UCP_EMAIL_ACTIVATE']; - break; + break; case USER_ACTIVATION_ADMIN: $l_reg_cond = $user->lang['UCP_ADMIN_ACTIVATE']; - break; + break; } $user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\w]+' => 'USERNAME_ALPHA_ONLY', '[\w_\+\. \-\[\]]+' => 'USERNAME_ALPHA_SPACERS'); 
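Review bot: The attempt guard in the `-448,16 +391,14` hunk changes `>=` to `>`, so a session now gets one more confirmation attempt than `max_reg_attempts` before `TOO_MANY_REGISTERS` is raised. If the limit is meant to be inclusive, the comparison should stay `if ($config['max_reg_attempts'] && $attempts >= $config['max_reg_attempts'])`. Where the counter is incremented is outside the hunk, so the change may be deliberate; in that case a comment like `// the row for this attempt is inserted below, hence > rather than >=` would record it. The visible WHERE clause filters on `session_id`, so the limit presumably holds only while a client keeps its session, which is worth stating next to the check.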
@@ -502,10 +443,10 @@ class ucp_register 'EMAIL_CONFIRM' => (isset($email_confirm)) ? $email_confirm : '', 'CONFIRM_IMG' => $confirm_image, - 'L_CONFIRM_EXPLAIN' => sprintf($user->lang['CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlentities($config['board_contact']) . '">', '</a>'), - 'L_ITEMS_REQUIRED' => $l_reg_cond, - 'L_USERNAME_EXPLAIN' => sprintf($user->lang[$user_char_ary[str_replace('\\\\', '\\', $config['allow_name_chars'])] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']), - 'L_NEW_PASSWORD_EXPLAIN'=> sprintf($user->lang['NEW_PASSWORD_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']), + 'L_CONFIRM_EXPLAIN' => sprintf($user->lang['CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlentities($config['board_contact']) . '">', '</a>'), + 'L_ITEMS_REQUIRED' => $l_reg_cond, + 'L_USERNAME_EXPLAIN' => sprintf($user->lang[$user_char_ary[str_replace('\\\\', '\\', $config['allow_name_chars'])] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']), + 'L_NEW_PASSWORD_EXPLAIN' => sprintf($user->lang['NEW_PASSWORD_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']), 'S_LANG_OPTIONS' => language_select($lang), 'S_TZ_OPTIONS' => tz_select($tz), diff --git a/phpBB/includes/ucp/ucp_remind.php b/phpBB/includes/ucp/ucp_remind.php index 018c7b7105..0bdfb685a3 100644 --- a/phpBB/includes/ucp/ucp_remind.php +++ b/phpBB/includes/ucp/ucp_remind.php 
@@ -19,86 +19,80 @@ class ucp_remind function main($id, $mode) { - global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx; + global $config, $phpbb_root_path, $phpEx; + global $db, $user, $auth, $template; - $submit = (isset($_POST['submit'])) ? true : false; + $username = request_var('username', '', true); + $email = request_var('email', ''); + $submit = (isset($_POST['submit'])) ? true : false; if ($submit) { - $username = request_var('username', '', true); - $email = request_var('email', ''); - $sql = 'SELECT user_id, username, user_email, user_jabber, user_notify_type, user_type, user_lang FROM ' . USERS_TABLE . " WHERE user_email = '" . $db->sql_escape($email) . "' - AND username = '" . $db->sql_escape($username) . "'"; + AND LOWER(username) = '" . $db->sql_escape(strtolower($username)) . "'"; $result = $db->sql_query($sql); + $user_row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); - if (!($row = $db->sql_fetchrow($result))) + if (!$user_row) { trigger_error('NO_EMAIL_USER'); } - $db->sql_freeresult($result); - if ($row['user_type'] == USER_INACTIVE) + if ($user_row['user_type'] == USER_INACTIVE) { trigger_error('ACCOUNT_NOT_ACTIVATED'); } $server_url = generate_board_url(); - $username = $row['username']; - $user_id = $row['user_id']; $key_len = 54 - strlen($server_url); - $key_len = ($key_len > 6) ? $key_len : 6; + $key_len = ($key_len < 6) ? 6 : $key_len; $user_actkey = substr(gen_rand_string(10), 0, $key_len); $user_password = gen_rand_string(8); $sql = 'UPDATE ' . USERS_TABLE . " SET user_newpasswd = '" . $db->sql_escape(md5($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "' - WHERE user_id = " . $row['user_id']; + WHERE user_id = " . $user_row['user_id']; $db->sql_query($sql); - include_once($phpbb_root_path . 'includes/functions_messenger.'.$phpEx); + include_once($phpbb_root_path . 'includes/functions_messenger.' . 
$phpEx); - $messenger = new messenger(); + $messenger = new messenger(false); $messenger->template('user_activate_passwd', $row['user_lang']); $messenger->replyto($user->data['user_email']); - $messenger->to($row['user_email'], $row['username']); - $messenger->im($row['user_jabber'], $row['username']); + $messenger->to($user_row['user_email'], $user_row['username']); + $messenger->im($user_row['user_jabber'], $user_row['username']); $messenger->assign_vars(array( 'SITENAME' => $config['sitename'], - 'USERNAME' => html_entity_decode($username), + 'USERNAME' => html_entity_decode($user_row['username']), 'PASSWORD' => html_entity_decode($user_password), 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']), - 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u=$user_id&k=$user_actkey") + 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey") ); - $messenger->send($row['user_notify_type']); - $messenger->save_queue(); - + $messenger->send($user_row['user_notify_type']); meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx")); $message = $user->lang['PASSWORD_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>'); trigger_error($message); } - else - { - $username = $email = ''; - } $template->assign_vars(array( - 'USERNAME' => $username, - 'EMAIL' => $email) + 'USERNAME' => $username, + 'EMAIL' => $email, + 'S_PROFILE_ACTION' => append_sid($phpbb_root_path . 'ucp.' . $phpEx, 'mode=sendpassword')) ); $this->tpl_name = 'ucp_remind'; } } -?> +?>
\ No newline at end of file diff --git a/phpBB/includes/ucp/ucp_resend.php b/phpBB/includes/ucp/ucp_resend.php index a18eb14e0d..51dd2ea4f2 100644 --- a/phpBB/includes/ucp/ucp_resend.php +++ b/phpBB/includes/ucp/ucp_resend.php 
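Review bot: In ucp_remind.php the unchanged line `$messenger->template('user_activate_passwd', $row['user_lang']);` still reads `$row`, which this hunk no longer assigns now that the fetched record is `$user_row`. The mail would be built with an undefined language, so the line should become `$messenger->template('user_activate_passwd', $user_row['user_lang']);`. Separately, `$user_actkey = substr(gen_rand_string(10), 0, $key_len);` can cut the key that authorises the password change down to 6 characters when `generate_board_url()` returns a long URL. The length of a reset key should not depend on the board URL, and a fixed minimum well above 6 would be safer.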
@@ -19,61 +19,57 @@ class ucp_resend function main($id, $mode) { - global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx; + global $config, $phpbb_root_path, $phpEx; + global $db, $user, $auth, $template; - $submit = (isset($_POST['submit'])) ? true : false; + $username = request_var('username', '', true); + $email = request_var('email', ''); + $submit = (isset($_POST['submit'])) ? true : false; if ($submit) { - $username = request_var('username', '', true); - $email = request_var('email', ''); - - $sql = 'SELECT user_id, username, user_email, user_type, user_lang, user_actkey + $sql = 'SELECT user_id, group_id, username, user_email, user_type, user_lang, user_actkey FROM ' . USERS_TABLE . " WHERE user_email = '" . $db->sql_escape($email) . "' - AND username = '" . $db->sql_escape($username) . "'"; + AND LOWER(username) = '" . $db->sql_escape(strtolower($username)) . "'"; $result = $db->sql_query($sql); + $user_row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); - if (!($row = $db->sql_fetchrow($result))) + if (!$user_row) { trigger_error('NO_EMAIL_USER'); } - $db->sql_freeresult($result); - if (!$row['user_actkey']) + if (!$user_row['user_actkey']) { trigger_error('ACCOUNT_ALREADY_ACTIVATED'); } - $server_url = generate_board_url(); - $username = $row['username']; - $user_id = $row['user_id']; + // Determine coppa status on group (INACTIVE(_COPPA)) + $sql = 'SELECT group_name, group_type + FROM ' . GROUPS_TABLE . ' + WHERE group_id = ' . $user_row['group_id']; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); -/* if ($coppa) - { - $email_template = 'coppa_welcome_inactive'; - }*/ -/* - if ($config['require_activation'] == USER_ACTIVATION_ADMIN) - { - $email_template = 'admin_welcome_inactive'; - } - else + if (!$row) { - $email_template = 'user_welcome_inactive'; + trigger_error('NO_GROUP'); } -*/ - include_once($phpbb_root_path . 
'includes/functions_messenger.'.$phpEx); + $coppa = ($row['group_name'] == 'INACTIVE_COPPA' && $row['group_type'] == GROUP_SPECIAL) ? true : false; + include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); $messenger = new messenger(false); if ($config['require_activation'] == USER_ACTIVATION_SELF || $coppa) { - $messenger->template('user_resend_inactive', $row['user_lang']); + $messenger->template(($coppa) ? 'coppa_resend_inactive' : 'user_resend_inactive', $user_row['user_lang']); $messenger->replyto($config['board_contact']); - $messenger->to($row['user_email'], $row['username']); + $messenger->to($user_row['user_email'], $user_row['username']); $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); @@ -83,10 +79,10 @@ class ucp_resend $messenger->assign_vars(array( 'SITENAME' => $config['sitename'], 'WELCOME_MSG' => sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']), - 'USERNAME' => html_entity_decode($row['username']), + 'USERNAME' => html_entity_decode($user_row['username']), 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']), - 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$row['user_id']}&k={$row['user_actkey']}") + 'U_ACTIVATE' => generate_board_url() . "/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k={$user_row['user_actkey']}") ); if ($coppa) @@ -94,7 +90,7 @@ class ucp_resend $messenger->assign_vars(array( 'FAX_INFO' => $config['coppa_fax'], 'MAIL_INFO' => $config['coppa_mail'], - 'EMAIL_ADDRESS' => $row['user_email'], + 'EMAIL_ADDRESS' => $user_row['user_email'], 'SITENAME' => $config['sitename']) ); } 
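Review bot: The new group lookup in ucp_resend.php builds `WHERE group_id = ' . $user_row['group_id']` by plain concatenation. The value comes from the users table rather than from the request, but ucp_register casts the same kind of id (`(int) $group_id`), and `WHERE group_id = ' . (int) $user_row['group_id'];` keeps the statement well-formed if the column is ever empty or non-numeric. The form also answers with `NO_EMAIL_USER`, `ACCOUNT_ALREADY_ACTIVATED` or `NO_GROUP` depending on the lookup, which appears to tell an unauthenticated caller whether a username/e-mail pair exists and whether it is activated. A single generic reply, or a comment stating that the distinction is intentional, would make that decision explicit.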
@@ -104,8 +100,7 @@ class ucp_resend if ($config['require_activation'] == USER_ACTIVATION_ADMIN) { - // Grab an array of user_id's with a_user permissions ... these users - // can activate a user + // Grab an array of user_id's with a_user permissions ... these users can activate a user $admin_ary = $auth->acl_get_list(false, 'a_user', false); $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type @@ -121,10 +116,10 @@ class ucp_resend $messenger->im($row['user_jabber'], $row['username']); $messenger->assign_vars(array( - 'USERNAME' => html_entity_decode($row['username']), + 'USERNAME' => html_entity_decode($user_row['username']), 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']), - 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$row['user_id']}&k={$row['user_actkey']}") + 'U_ACTIVATE' => generate_board_url() . "/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k={$user_row['user_actkey']}") ); $messenger->send($row['user_notify_type']); @@ -137,18 +132,15 @@ class ucp_resend $message = $user->lang['ACTIVATION_EMAIL_SENT'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>'); trigger_error($message); } - else - { - $username = $email = ''; - } $template->assign_vars(array( - 'USERNAME' => $username, - 'EMAIL' => $email) + 'USERNAME' => $username, + 'EMAIL' => $email, + 'S_PROFILE_ACTION' => append_sid($phpbb_root_path . 'ucp.' . $phpEx, 'mode=resend_act')) ); $this->tpl_name = 'ucp_resend'; } } -?> +?>
\ No newline at end of file |