// Redirect the user to the installer

// We have to generate a full HTTP/1.1 header here since we can't guarantee to have any of the information

// available as used by the redirect function

$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');

$secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0;

if ($server_port && (($secure && $server_port <> 443) || (!$secure && $server_port <> 80)))

{

}

$url .= $script_path;

<li>[Fix] Stricter checks on smilie packs (Bug #19675)</li>

<li>[Fix] Gracefully return from cancelling pm drafts (Bug #19675)</li>

<li>[Fix] Possible login problems with IE7 if browser check is activated (Bug #20135)</li>

</ul>

<a name="v30rc8"></a><h3>1.i. Changes since 3.0.RC8</h3>

exit;

}

unset($dbpasswd);

// worst-case default

$browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : 'msie 6.0';

$avatar_group = true;

$filename = substr($filename, 1);

}

// '==' is not a bug - . as the first char is as bad as no dot at all

if (strpos($filename, '.') == false)

{

$db->sql_close();

exit;

}

$ext = substr(strrchr($filename, '.'), 1);

$stamp = (int) substr(stristr($filename, '_'), 1);

$filename = (int) $filename;

// let's see if we have to send the file at all

$last_load = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false;

if (strpos(strtolower($browser), 'msie 6.0') === false)

{

if ($last_load !== false && $last_load <= $stamp)

{

{

header('Status: 304 Not Modified', true, 304);

{

header('HTTP/1.0 304 Not Modified', true, 304);

}

header('Pragma: public');

header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));

exit();

else

{

header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $stamp) . ' GMT');

}

}

if (!in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))

{

// no way such an avatar could exist. They are not following the rules, stop the show.

$db->sql_close();

exit;

}

if (!$filename)

{

// no way such an avatar could exist. They are not following the rules, stop the show.

{

trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);

}

redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);

exit;

}

{

header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));

}

if ($size)

{

header("Content-Length: $size");

}

}

}

// Check for own server...

// Forcing server vars is the only way to specify/override the protocol

if ($config['force_server_vars'] || !$server_name)

{

$allowed = true;

}

// Get IP's and Hostnames

if (!$allowed)

{

}

$db->sql_freeresult($result);

}

return $allowed;

}

return true;

}

$result = $this->_sql_transaction('commit');

if (!$result)

}

$random = substr($random, 0, $count);

}

$hash = _hash_crypt_private($password, _hash_gensalt_private($random, $itoa64), $itoa64);

if (strlen($hash) == 34)

}

$output .= $itoa64[($value >> 12) & 0x3f];

if ($i++ >= $count)

{

break;

unset($tracking_topics['t']);

unset($tracking_topics['f']);

$tracking_topics['l'] = base_convert(time() - $config['board_startdate'], 10, 36);

$user->set_cookie('track', tracking_serialize($tracking_topics), time() + 31536000);

$_COOKIE[$config['cookie_name'] . '_track'] = (STRIP) ? addslashes(tracking_serialize($tracking_topics)) : tracking_serialize($tracking_topics);

{

$mark_time[$forum_id] = $forum_mark_time[$forum_id];

}

$user_lastmark = (isset($mark_time[$forum_id])) ? $mark_time[$forum_id] : $user->data['user_lastmark'];

foreach ($topic_ids as $topic_id)

$last_read[$row['topic_id']] = $row['mark_time'];

}

$db->sql_freeresult($result);

$topic_ids = array_diff($topic_ids, array_keys($last_read));

if (sizeof($topic_ids))

AND forum_id " .

(($global_announce_list && sizeof($global_announce_list)) ? "IN (0, $forum_id)" : "= $forum_id");

$result = $db->sql_query($sql);

$mark_time = array();

while ($row = $db->sql_fetchrow($result))

{

break;

}

break;

case 2:

switch ($string[$i])

{

break;

}

break;

case 3:

switch ($string[$i])

{

{

die('Invalid data supplied');

}

return $level;

}

{

global $config, $user;

$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');

// Forcing server vars is the only way to specify/override the protocol

if ($server_port && (($config['cookie_secure'] && $server_port <> 443) || (!$config['cookie_secure'] && $server_port <> 80)))

{

}

if (!$without_script_path)

unset($query[$strip]);

}

}

// Glue the remaining parts together... already urlencoded

foreach ($query as $key => $value)

{

{

$minimum_time = (int) $config['form_token_mintime'];

}

if (isset($_POST['creation_time']) && isset($_POST['form_token']))

{

$creation_time = abs(request_var('creation_time', 0));

if (($diff >= $minimum_time) && (($diff <= $timespan) || $timespan == -1))

{

$token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : '';

$key = sha1($creation_time . $user->data['user_form_salt'] . $form_name . $token_sid);

if ($key === $token)

{

{

$err = (!$config['board_contact']) ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>');

}

break;

}

}

$template->set_filenames(array(

'body' => 'login_forum.html')

);

page_footer();

}

{

$value = substr($value, 1, sizeof($value)-2);

}

$parsed_items[$key] = $value;

}

return $parsed_items;

}

'log_operation' => $action,

'log_data' => $data,

);

switch ($mode)

{

case 'admin':

$sql_ary['log_type'] = LOG_ADMIN;

break;

case 'mod':

$sql_ary += array(

'log_type' => LOG_MOD,

case 'critical':

$sql_ary['log_type'] = LOG_CRITICAL;

break;

default:

return false;

}

echo ' <div class="panel">';

echo ' <div id="content">';

echo ' <h1>' . $msg_title . '</h1>';

echo ' <div>' . $msg_text . '</div>';

echo $l_notify;

echo ' </div>';

echo '</div>';

echo '</body>';

echo '</html>';

exit_handler();

break;

// We do not want the cron script to be called on error messages

define('IN_CRON', true);

if (defined('IN_ADMIN') && isset($user->data['session_admin']) && $user->data['session_admin'])

{

adm_page_footer();

{

return;

}

define('HEADER_INC', true);

// gzip_compression

// Which timezone?

$tz = ($user->data['user_id'] != ANONYMOUS) ? strval(doubleval($user->data['user_timezone'])) : strval(doubleval($config['board_timezone']));

// Send a proper content-language to the output

$user_lang = $user->lang['USER_LANG'];

if (strpos($user_lang, '-x-') !== false)

{

$user_lang = substr($user_lang, 0, strpos($user_lang, '-x-'));

}

// The following assigns all _common_ variables that may be used at any point in a template.

$template->assign_vars(array(

'SITENAME' => $config['sitename'],

if (!defined('IN_CRON') && $run_cron && !$config['board_disable'])

{

$cron_type = '';

if (time() - $config['queue_interval'] > $config['last_queue_run'] && !defined('IN_ADMIN') && file_exists($phpbb_root_path . 'cache/queue.' . $phpEx))

{

// Process email queue

WHERE module_class = '" . $db->sql_escape($this->p_class) . "'

ORDER BY left_id ASC";

$result = $db->sql_query($sql);

$rows = array();

while ($row = $db->sql_fetchrow($result))

{

unset($this->module_cache['modules'][$key]);

continue;

}

$right_id = false;

}

{

continue;

}

$right_id = false;

}

$custom_func = '_module_' . $row['module_basename'];

$names[$row['module_basename'] . '_' . $row['module_mode']][] = true;

$module_row = array(

'depth' => $depth,

'display' => (int) $row['module_display'],

'url_extra' => (function_exists($url_func)) ? $url_func($row['module_mode'], $row) : '',

'lang' => ($row['module_basename'] && function_exists($lang_func)) ? $lang_func($row['module_mode'], $row['module_langname']) : ((!empty($user->lang[$row['module_langname']])) ? $user->lang[$row['module_langname']] : $row['module_langname']),

'langname' => $row['module_langname'],

break;

default:

{

$token = '';

}

$forum_id = ($forum_id === false) ? $this->acl_forum_id : $forum_id;

$is_auth = false;

return $is_auth;

}

// Is the user trying to link to a php file in this domain and script path?

if (strpos($url, ".{$phpEx}") !== false && strpos($url, $check_path) !== false)

{

// Forcing server vars is the only way to specify/override the protocol

if ($config['force_server_vars'] || !$server_name)

if ($config['max_' . $mode . '_chars'] > 0)

{

$msg_len = ($mode == 'post') ? utf8_strlen($this->message) : utf8_strlen(preg_replace('#\[\/?[a-z\*\+\-]+(=[\S]+)?\]#ius', ' ', $this->message));

if ((!$msg_len && $mode !== 'sig') || $config['max_' . $mode . '_chars'] && $msg_len > $config['max_' . $mode . '_chars'])

{

$this->warn_msg[] = (!$msg_len) ? $user->lang['TOO_FEW_CHARS'] : sprintf($user->lang['TOO_MANY_CHARS_' . strtoupper($mode)], $msg_len, $config['max_' . $mode . '_chars']);

$match = $replace = array();

// NOTE: obtain_* function? chaching the table contents?

// For now setting the ttl to 10 minutes

$sql = 'SELECT *

FROM ' . SMILIES_TABLE . '

ORDER BY ' . $db->sql_function('length_varchar', 'code') . ' DESC';

$result = $db->sql_query($sql, 600);

while ($row = $db->sql_fetchrow($result))

$this->update_session_page = $update_session_page;

$this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : '';

$this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : '';

$this->page = $this->extract_current_page($phpbb_root_path);

// if the forwarded for header shall be checked we have to validate its contents

$this->set_cookie('sid', $this->session_id, $cookie_expire);

unset($cookie_expire);

$sql = 'SELECT COUNT(session_id) AS sessions

FROM ' . SESSIONS_TABLE . '

WHERE session_user_id = ' . (int) $this->data['user_id'] . '

global $db, $config;

$batch_size = 10;

if (!$this->time_now)

{

$this->time_now = time();

// Less than 10 users, update gc timer ... else we want gc

// called again to delete other sessions

set_config('session_last_gc', $this->time_now, true);

if ($config['max_autologin_time'])

{

$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '

}

$this->confirm_gc();

}

return;

}

function confirm_gc($type = 0)

{

global $db, $config;

$sql = 'SELECT DISTINCT c.session_id

FROM ' . CONFIRM_TABLE . ' c

LEFT JOIN ' . SESSIONS_TABLE . ' s ON (c.session_id = s.session_id)

}

$db->sql_freeresult($result);

}

/**

* Sets a cookie

*

$sql = 'SELECT image_name, image_filename, image_lang, image_height, image_width

FROM ' . STYLES_IMAGESET_DATA_TABLE . '

WHERE imageset_id = ' . $this->theme['imageset_id'] . "

AND image_lang IN ('" . $db->sql_escape($this->img_lang) . "', '')";

$result = $db->sql_query($sql, 3600);

global $db, $template;

$template->display('body');

// Close our DB connection.

if (!empty($db) && is_object($db))

{

*/

function redirect($page)

{

$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');

$secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0;

if ($server_port && (($secure && $server_port <> 443) || (!$secure && $server_port <> 80)))

{

}

$url .= $script_path . '/' . $page;

$l_cat = (!empty($lang['CAT_' . $cat])) ? $lang['CAT_' . $cat] : preg_replace('#_#', ' ', $cat);

$cat = strtolower($cat);

$url = $this->module_url . "?mode=$cat&amp;language=$language";

if ($this->mode == $cat)

{

$template->assign_block_vars('t_block1', array(

case 'database':

$this->obtain_database_settings($mode, $sub);

break;

case 'administrator':

case 'config_file':

$this->create_config_file($mode, $sub);

break;

case 'advanced':

$this->add_language($mode, $sub);

$this->add_bots($mode, $sub);

$this->email_admin($mode, $sub);

// Remove the lock file

@unlink($phpbb_root_path . 'cache/install_lock');

'S_EXPLAIN' => true,

'S_LEGEND' => false,

));

// Check for url_fopen

if (@ini_get('allow_url_fopen') == '1' || strtolower(@ini_get('allow_url_fopen')) == 'on')

{

'S_EXPLAIN' => true,

'S_LEGEND' => false,

));

// Check for getimagesize

if (@function_exists('getimagesize'))

{

$s_hidden_fields .= '<input type="hidden" name="' . $config_key . '" value="' . $data[$config_key] . '" />';

}

}

$s_hidden_fields .= ($data['img_imagick']) ? '<input type="hidden" name="img_imagick" value="' . addslashes($data['img_imagick']) . '" />' : '';

$s_hidden_fields .= '<input type="hidden" name="language" value="' . $data['language'] . '" />';

$config_data .= "@define('DEBUG', true);\n";

$config_data .= "@define('DEBUG_EXTRA', true);\n";

$config_data .= '?' . '>'; // Done this to prevent highlighting editors getting confused!

// Attempt to write out the config file directly. If it works, this is the easiest way to do it ...

if ((file_exists($phpbb_root_path . 'config.' . $phpEx) && is_writable($phpbb_root_path . 'config.' . $phpEx)) || is_writable($phpbb_root_path))

{

$s_hidden_fields = ($data['img_imagick']) ? '<input type="hidden" name="img_imagick" value="' . addslashes($data['img_imagick']) . '" />' : '';

$s_hidden_fields .= '<input type="hidden" name="language" value="' . $data['language'] . '" />';

$data['email_enable'] = ($data['email_enable'] !== '') ? $data['email_enable'] : true;

$data['server_port'] = ($data['server_port'] !== '') ? $data['server_port'] : ((!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'));

$data['server_protocol'] = ($data['server_protocol'] !== '') ? $data['server_protocol'] : ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https://' : 'http://');

$data['cookie_secure'] = ($data['cookie_secure'] !== '') ? $data['cookie_secure'] : ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? true : false);

$this->p_master->redirect("index.$phpEx?mode=install");

}

// Try to come up with the best solution for cookie domain...

if (strpos($cookie_domain, 'www.') === 0)

'UPDATE ' . $data['table_prefix'] . "config

SET config_value = '" . $db->sql_escape($data['admin_name']) . "'

WHERE config_name = 'newest_username'",

'UPDATE ' . $data['table_prefix'] . "config

SET config_value = '" . md5(mt_rand()) . "'

WHERE config_name = 'avatar_salt'",

'UPDATE ' . $data['table_prefix'] . "users

SET username = '" . $db->sql_escape($data['admin_name']) . "', user_password='" . $db->sql_escape(md5($data['admin_pass1'])) . "', user_ip = '" . $db->sql_escape($user_ip) . "', user_lang = '" . $db->sql_escape($data['default_lang']) . "', user_email='" . $db->sql_escape($data['board_email1']) . "', user_dateformat='" . $db->sql_escape($lang['default_dateformat']) . "', user_email_hash = " . hexdec(crc32($data['board_email1']) . strlen($data['board_email1'])) . ", username_clean = '" . $db->sql_escape(utf8_clean_string($data['admin_name'])) . "'

WHERE username = 'Admin'",

$result = $db->sql_query($sql);

$row = $db->sql_fetchrow($result);

$db->sql_freeresult($result);

$_module->move_module_by($row, 'move_up', 4);

// Move permissions intro screen module 4 up...

$result = $db->sql_query($sql);

$row = $db->sql_fetchrow($result);

$db->sql_freeresult($result);

$_module->move_module_by($row, 'move_up', 4);

// Move manage users screen module 5 up...

$result = $db->sql_query($sql);

$row = $db->sql_fetchrow($result);

$db->sql_freeresult($result);

$_module->move_module_by($row, 'move_up', 5);

}

$result = $db->sql_query($sql);

$row = $db->sql_fetchrow($result);

$db->sql_freeresult($result);

$_module->move_module_by($row, 'move_down', 4);

}

'user_dateformat' => $lang['default_dateformat'],

'user_allow_massemail' => 0,

);

$user_id = user_add($user_row);

if (!$user_id)